Security News
Sarah Gooding
April 23, 2024
GitHub was recently found to have a CDN (content delivery network) flaw that allows attackers to host malware. Whether it is treated as a security issue or as a bug, it exposes the risks associated with the CDNs used by major software development platforms. It is also part of a growing trend in which GitHub, a platform integral to software development, is becoming a vector for cybersecurity threats.
Last week, McAfee reported that a new packed variant of the Redline Stealer trojan, a prevalent malware strain, uses Lua bytecode to perform its malicious behavior. One notable feature of its infection chain is that the trojanized git repository appears to be hosted under Microsoft’s GitHub account:
https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
What is actually happening here is that attackers have exploited a bug in GitHub comments to spread malware: a file uploaded to a comment is stored in GitHub’s Amazon S3 instance for the corresponding repository and served under that repository’s URL path.
Last month software engineer Justas Masiulis tweeted an example of malware abusing GitHub attachments to create file links in legitimate repositories. The example referenced a file that appears to be hosted on the Microsoft MSRC Security Research GitHub repository.
GitHub does not appear to have taken any action against this type of abuse beyond simply removing the offending files.
Sergei Frankoff, co-founder of automated malware analysis services provider Open Analysis, tweeted a quick walkthrough video of how attackers can host malware or any type of file on other people’s repositories by exploiting GitHub issues and comments. He performed a demo on one of his own repositories.
“The way you do it is open an issue, and then drop your file into the issues,” Frankoff said. “It gets uploaded and saved under the tree of the GitHub repo, and then you can access it with that link.
“The stealthy way to do this is to actually just close the issue so you don’t actually submit it. Just upload the file in the message box and then, kill the issue and the file stays. So there’s no indication that you did that.”
Frankoff explained that the /assets path, traditionally used for releases, is confusingly similar to the /files path used for uploads:
<github user>/<github repo>/assets/<file>
<github user>/<github repo>/files/<file>
Attackers leverage this confusion to lend their malware links more legitimacy. It’s similar to “starjacking” confusion where attackers link their package to a popular package's source code repository on GitHub that has a high number of stars.
Frankoff speculated that GitHub’s servers likely hold forensic data that could identify the people abusing this mechanism. So far, however, GitHub has not been quick to crack down on the abuse.
One person responded on Twitter that he uses this vulnerability to turn GitHub’s CDN into free image hosting for his blog: he creates an issue on his own repo, uploads the images, and closes the issue, leaving the files served from GitHub’s CDN for his Netlify-hosted blog.
Bleeping Computer confirmed that the comments feature on GitLab is subject to the same abuse, only with a different URL structure:
https[:]//gitlab[.]com/inkscape/inkscape/uploads/edfdbc997689255568a7c81db3f3dc51/InkScape-2024-Latest.exe
https[:]//gitlab[.]com/wireshark/wireshark/uploads/b4162053fbb4dc6ee4f673c532009e16/WireShark-v4.2.4-stable-release.exe
One notable difference is that GitLab users must be logged in to upload files, but the need for an account may not be a strong deterrent.
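The URL shapes quoted above (GitHub’s /files/ and /assets/ paths and GitLab’s /uploads/ path) are regular enough to be matched by a scanner, which is useful when reviewing a README, package metadata or proxy logs for download links that point at an attachment rather than at something the repository owner published. The following Python is an added example, not code from this post, from Open Analysis or from Socket. The function names (`classify`, `scan_text`), the flagged-suffix list, the sample text and the comparison against the /releases/download/ path are my own assumptions; the two defanged URLs in the sample are the ones quoted in this post.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Common defanging conventions (the ones used in this post) mapped back to plain text.
_DEFANG = (("hxxps://", "https://"), ("hxxp://", "http://"), ("[:]", ":"), ("[.]", "."))

# GitHub issue/comment upload, as in the Cheat.Lab example: /<owner>/<repo>/files/<id>/<name>
GITHUB_FILES = re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/files/(?P<id>\d+)/(?P<name>[^/]+)$")
# GitHub /assets/ path, which the post notes is confusingly similar to /files/
GITHUB_ASSETS = re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/assets/(?P<rest>.+)$")
# GitHub release download (assumed as the "published by the owner" shape to contrast against)
GITHUB_RELEASE = re.compile(r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/releases/download/[^/]+/(?P<name>[^/]+)$")
# GitLab project upload, as in the Inkscape/Wireshark examples: /<project path>/uploads/<32 hex>/<name>
GITLAB_UPLOADS = re.compile(r"^/(?P<project>.+?)/uploads/(?P<id>[0-9a-f]{32})/(?P<name>[^/]+)$")

# Constructed list of file types worth flagging when they arrive via a comment/issue attachment.
FLAGGED_SUFFIXES = (".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".dll", ".zip", ".rar", ".7z", ".jar")

URL_RE = re.compile(r"https?://[^\s\"'<>()\]]+")


@dataclass
class Finding:
    url: str        # refanged URL
    project: str    # "<owner>/<repo>" on GitHub, project path on GitLab, "" otherwise
    kind: str       # comment-upload | assets-path | release-asset | gitlab-upload | other
    filename: str
    flagged: bool   # attachment-style URL pointing at an executable or archive


def refang(text: str) -> str:
    """Undo the defanging conventions above so URLs can be parsed normally."""
    for defanged, plain in _DEFANG:
        text = text.replace(defanged, plain)
    return text


def classify(url: str) -> Finding:
    """Classify one URL by host and path shape; everything unrecognised is 'other'."""
    clean = refang(url.strip()).rstrip(".,;")
    parsed = urlparse(clean)
    host = (parsed.hostname or "").lower()
    path = parsed.path
    project, kind, name = "", "other", ""
    if host in ("github.com", "www.github.com"):
        if m := GITHUB_FILES.match(path):
            project, kind, name = f"{m['owner']}/{m['repo']}", "comment-upload", m["name"]
        elif m := GITHUB_ASSETS.match(path):
            project, kind, name = f"{m['owner']}/{m['repo']}", "assets-path", m["rest"].rsplit("/", 1)[-1]
        elif m := GITHUB_RELEASE.match(path):
            project, kind, name = f"{m['owner']}/{m['repo']}", "release-asset", m["name"]
    elif host in ("gitlab.com", "www.gitlab.com"):
        if m := GITLAB_UPLOADS.match(path):
            project, kind, name = m["project"], "gitlab-upload", m["name"]
    # Only attachment-hosted files get flagged: a release asset is what the owner chose to publish,
    # whereas a /files/, /assets/ or /uploads/ link may come from any issue or comment author.
    attachment = kind in ("comment-upload", "assets-path", "gitlab-upload")
    flagged = attachment and name.lower().endswith(FLAGGED_SUFFIXES)
    return Finding(clean, project, kind, name, flagged)


def scan_text(text: str) -> list[Finding]:
    """Refang the text, pull out every http(s) URL and classify each one."""
    return [classify(u) for u in URL_RE.findall(refang(text))]


# Constructed sample: two URLs quoted in this post plus two made-up links for a hypothetical repo.
SAMPLE_README = """
Download the latest build:
https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
Source: https://github.com/example-org/example-tool (constructed)
Release: https://github.com/example-org/example-tool/releases/download/v1.0.0/example-tool-1.0.0.zip (constructed)
https[:]//gitlab[.]com/inkscape/inkscape/uploads/edfdbc997689255568a7c81db3f3dc51/InkScape-2024-Latest.exe
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_README):
        marker = "FLAG " if f.flagged else "     "
        print(f"{marker}{f.kind:15} {f.project:25} {f.filename}")
```

The flag is deliberately independent of how trustworthy the repository owner looks: the microsoft/vcpkg and inkscape/inkscape links above are flagged precisely because a well-known owner in the path is the lure, while the constructed release-download link for the same kind of archive is not.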
Beyond the seemingly innocuous abuse of GitHub’s CDN for hosting blog post images, there are many novel, malicious ways this bug could be used:
Open Analysis has a detailed writeup of how this GitHub bug was used to infect game hackers with Lua malware. It is likely not the first attempt to abuse GitHub file uploads to deliver a malicious file. In addition to the piles of malware that is openly hosted on the platform “for educational purposes,” GitHub has also struggled to contain the automated creation of repositories hosting obfuscated malware.
This method of abuse applies to any public repository on GitHub or GitLab. Developers and researchers should be aware of these techniques for disguising malicious software as legitimate projects. Never blindly download files from seemingly trustworthy locations, such as popular GitHub repositories, without properly verifying their integrity.