No honor among thieves
Not the image I was looking for, but good enough.
Sophos thinks a single person or group called "ischhfd83" is behind more than a hundred backdoored malware variants targeting novice cybercriminals and video game cheaters looking to get their hands on malicious code. Researchers linked the hundreds of GitHub repositories to a single Russian email address (ischhfd83[at]rambler …
Quis piratas informaticos violat
Really odd. Google translated the phrase as Spanish into just "quique."
I think Google Translate is having an AI moment. I tried "No honour among thieves" into Latin, reversed the (poor) translation, which in turn sprouted some nonsense about "merry children."
With all the supposed software sophistication, how does Microsoft just let something like this run rampant on Github? Are they supposed to have systems and tools that are on the lookout for suspicious activity -- just the type described in the article? Isn't AI supposed to be able to spot this stuff -- the same way it is supposed to be able to spot breast cancer before human eyes can? It seems like a world full of hype and no results as far as platform security and AI goes? No?
Is there no way to pick at least some up by scanning the submissions or too many, too hard?
It's also worrying how many developers, even in major companies, download code straight into their projects on connected systems. Everything needs to be quarantined and isolated until thoroughly checked and built from the secure source. It's OK to use it, if isolated, just for the purpose of deciding whether you want to use the code. Basically, the development environment should have levels of isolation so the guys can at least have one environment that is a bit of a free-for-all, fix-it-yourself place to experiment, but nothing gets to the main part of the project without proper checking.
Interesting point, but saving time is why people use projects directly from git repos...doing code audits like this would probably take as long as building the dependency yourself from scratch in a lot of cases.
I also don't think average developers are skilled enough to audit code sufficiently to find backdoors and the like...I mean there are still some developers out there that build apps with SQL injection vulnerabilities.
I also suspect that at some point in the near future, codebases are going to slowly start becoming a lot more short-lived because of AI. Projects that take 6 months and produce a solution that hangs around for 5-10 years are going to disappear, and we're likely to see more projects that take a day or two and are expected to last for 6 months to a year.
Some of the most successful anti-scammer operations have involved biting the biter. The example of the secure messaging phone sold to criminals by (as it turned out) the FBI is exemplary. Self-financing, too. Poisoning repositories of wannabe malware sounds like it could be a good trick if it was done intelligently. You can't stop script kiddies from trying it on, but you can watch their efforts in real time and intervene before they do too much damage, maybe busting a few of them in the process "pour encourager les autres".
Of necessity such an effort can't be done officially because no matter how secret this type of project is the moment it becomes official word leaks out about it. This has been the bane of all government spying operations for literally decades now -- no matter how little is said, how secret the equipment room is or how tight you think your security is word eventually leaks out (with just a few exceptions like the Swiss encryption machine manufacturer that was majority owned by the CIA and German intelligence).