[ad_1]
The repository names had been discovered to be similar to a number of different non-trojanized repositories, indicating some type of typo-squatting at play. Additionally, the “About” part of those repositories was full of search key phrases associated to the unique repository’s theme and infrequently included an emoji, often a flame or a rocket ship, hinting at using AI.
ReversingLabs shared an inventory of marketing campaign indicators, together with domains, URLs, and filenames, together with all 67 flagged repositories for builders to be careful for.
“For developers relying on these open-source platforms (GitHub), it’s essential to always double-check that the repository you’re using actually contains what you expect,” Simmons cautioned. “However, the best way to avoid running into this threat is to compare the desired repository to a previous, known good version of the software or source code.”