Dec 07, 2024, 12:46 AM
Very interesting attack vector here. Someone used PRs to leak secrets from build pipelines.
Then they used it to poison the release to drop a Monero miner. For the attacker the attack generally yielded very little, but it caused chaos around the world, including downstream applications that used it.
https://www.bleepingcomputer.com/news/se...yptominer/
The blog below has exceptional detail:
https://blog.yossarian.net/2024/12/06/zi...he-payload
There are so many other major open-source projects vulnerable to the same kind of vulnerability.
Then they used it to poison the release to drop a Monero miner. For the attacker the attack generally yielded very little, but it caused chaos around the world, including downstream applications that used it.
https://www.bleepingcomputer.com/news/se...yptominer/
The blog below has exceptional detail:
https://blog.yossarian.net/2024/12/06/zi...he-payload
There are so many other major open-source projects vulnerable to the same kind of vulnerability.
