
GitHub has become a vital resource for programmers the world over, and an extensive knowledge base and repository for open-source coding projects, data storage and code management. However, the site is currently undergoing an automated attack involving the cloning and creation of huge numbers of malicious code repositories, and while the developers have been working to remove the affected repos, a significant number are said to survive, with more uploaded on a regular basis.

An unknown attacker has managed to create and deploy an automated process that forks and clones existing repositories, adding its own malicious code which is concealed under seven layers of obfuscation (via Ars Technica). These rogue repositories are difficult to tell from their legitimate counterparts, and some users unaware of the malicious nature of the code are forking the affected repos themselves, unintentionally adding to the scale of the attack.

Once a developer makes use of an affected repo, a hidden payload begins unpacking seven layers' worth of obfuscation, including malicious Python code and a binary executable. The code then sets to work collecting confidential data and login details before uploading them to a control server.
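A defender triaging a suspicious fork can count such layers without running anything. The sketch below is an added example, not code from the article, Apiiro or GitHub; it assumes each layer is a Python `exec`/`eval` call over a base64- and zlib-encoded literal (the article does not describe the actual encoding), and `SAMPLE` is constructed around a harmless inner statement.

```python
import ast, base64, zlib

EXEC_NAMES = {"exec", "eval"}
DECODERS = {"b64decode": base64.b64decode, "decompress": zlib.decompress}  # assumed encodings

def _call_name(node):
    return getattr(node.func, "attr", None) or getattr(node.func, "id", None)

def _resolve(node):
    """Statically evaluate a literal wrapped in known decoders, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
        return node.value
    if not isinstance(node, ast.Call):
        return None
    name = _call_name(node)
    if name == "decode" and isinstance(node.func, ast.Attribute):
        inner = _resolve(node.func.value)
        return inner.decode("utf-8", "replace") if isinstance(inner, bytes) else inner
    if name in DECODERS and node.args:
        try:
            return DECODERS[name](_resolve(node.args[0]))
        except Exception:  # unresolved or undecodable argument
            return None
    return None

def peel_layers(source, max_depth=16):
    """Return each decoded stage in order; nothing is ever executed."""
    stages = []
    while len(stages) < max_depth:
        try:
            tree = ast.parse(source)
        except (SyntaxError, ValueError):
            break
        calls = [n for n in ast.walk(tree) if isinstance(n, ast.Call) and n.args]
        payloads = (_resolve(n.args[0]) for n in calls if _call_name(n) in EXEC_NAMES)
        payload = next((p for p in payloads if p is not None), None)
        if payload is None:
            break
        source = payload.decode("utf-8", "replace") if isinstance(payload, bytes) else payload
        stages.append(source)
    return stages

def _wrap(code):  # builds one constructed layer around a harmless statement
    blob = base64.b64encode(zlib.compress(code.encode())).decode()
    return f"import base64, zlib\nexec(zlib.decompress(base64.b64decode('{blob}')).decode())"

SAMPLE = "print('inner stage reached')"  # constructed, benign
for _ in range(7):
    SAMPLE = _wrap(SAMPLE)
```

Calling `peel_layers(SAMPLE)` returns the seven decoded stages in order; any source file that yields more than one stage deserves manual review before the repository is used.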

Research and data teams at security provider Apiiro have been monitoring a resurgence of the attack since its relatively minor beginnings back in May of last year. And while the company says that GitHub has been quickly removing the affected repositories, its automation detection system is still missing many of them, and manually uploaded versions are still slipping the net.

While the attack was initially somewhat small-scale when it was first documented, with several packages detected on the site with early versions of the malicious code, it has gradually developed in size and sophistication. The researchers have identified several potential reasons for the success of the operation thus far, including the overall size of GitHub’s user base and the developing complexity of the technique.


What’s really intriguing here is the combination of sophisticated automated attack methods and simple human nature. While the methods of obfuscation have become increasingly complex, the attackers have relied heavily on social engineering to confuse developers into picking the malicious code over the real one and unintentionally spreading it onwards, compounding the attack and making it much harder to detect.


As things stand this method seems to have worked remarkably well, and while GitHub has yet to comment on the attack directly, it did issue a general statement reassuring its users that “We have teams dedicated to detecting, analyzing, and removing content and accounts that violate our Acceptable Use Policies. We employ manual reviews and at-scale detection that use machine learning and constantly evolve and adapt to adversarial attacks”.

The perils of becoming popular, it seems, have manifested themselves here. While GitHub remains a vital resource for developers worldwide, its open-source nature and huge user base appear to have left it somewhat vulnerable, although given the effectiveness of the method, it comes as no surprise that solving the issue entirely seems to be an uphill battle that GitHub has yet to overcome.
