GitHub Removes Malicious Pull Requests Targeting Open Source Repositories

GitHub has removed several dozen malicious pull requests across various open source repositories following multiple attempts at injecting harmful code. In one example that drew attention on X/Twitter, EXO Labs co-founder Alex Cheema reported a backdoor attempt on his company’s exo-explore repository, through a PR from user “evildojo666.”

In this incident, the attacker targeted 27 repositories with a range of low-effort attempts to add minor modifications. The PR shown above includes a suspicious line of obfuscated code in models.py, which prompted attention from a repository collaborator. It attempts to plant code that could lead to a potential remote code execution attack.

LGTM 👍#

“I could definitely see a dev quickly approving PR's missing something like this,” Cheema said. “The title and first change are totally reasonable.”

Some may argue that these types of attacks aren’t sophisticated—but they don’t need to be. This approach is a ‘shotgun attack,’ where the attacker targets a large number of repositories with simple, low-effort pull requests, hoping that at least a few will slip through and be merged. The danger lies in the numbers: by casting a wide net across many repositories, the attacker increases their odds of success. Even if only a handful of maintainers inadvertently approve the changes, that’s all it takes for the attacker to achieve their goal.

This incident is a strong reminder that as a maintainer, it’s important to check every line of every PR submitted to your projects.

Such low-effort PR attacks are not uncommon on GitHub, as open source repositories remain prime targets for attackers with malicious intentions. These attacks often involve minor, seemingly innocuous changes, masking harmful code within legitimate contributions. Attackers leverage the open and collaborative nature of GitHub, hoping that busy maintainers might overlook suspicious modifications.

“Open source contributions are increasingly seeing backdoor attacks,” Shopify CEO Tobias Lutke commented on the attempts. “How many of these are caught? Software supply chain attacks are going to be the defining threat in tech over the next years.”

To protect against these types of attacks, developers and repository maintainers are advised to review pull requests thoroughly, enable branch protection rules to limit who can push directly to important branches, and enforce code reviews. Other experts weighing in on the incident suggested using tools like GitHub Copilot, CodeRabbit, Bandit, or implementing a server-side presubmit linter to block the use of exec statements.

Socket sees a steady stream of these types of low-effort attacks that are hidden behind obfuscated code in malicious packages uploaded to open source registries. It's often buried within packages designed to look legitimate, making it easy for busy developers to unknowingly introduce malicious code into their projects.

Our free GitHub app detects and flags malware, obfuscated code, and 70+ other indicators of supply chain compromise. If for some reason a maintainer wasn’t paying attention and a malicious PR landed in one the dependencies you're using, Socket would detect and flag it before you update to the latest malicious version. This is another safeguard you want to have in place if you are using open source code.