Author Topic: Just because It's on GitHub. It doesn't mean it's safe (Read 272 times)
hugeblack
May 03, 2019, 05:13:28 PM
Last edit: May 04, 2019, 05:50:46 AM by hugeblack
Merited by dbshck (4), joniboini (2), pooya87 (1), LTU_btc (1), BrewMaster (1), iasenko (1), paxmao (1), DdmrDdmr (1), Bitcoin_Arena (1)
#1

Many members trust random programs because they are open source or found on GitHub.
Have you reviewed each line? Is the file new? Is the user account trusted (does it have many trusted projects) or has it been newly created? If your answers are unclear, do not download any file or even give any permissions to that application.
I noticed a lot of campaigns used that method.
This warning includes Google Play and the Chrome store.


BrewMaster
May 03, 2019, 05:25:08 PM
Merited by dbshck (4), ETFbitcoin (1), hugeblack (1), joniboini (1), DdmrDdmr (1)
#2

I have been saying this for ages. These are good methods to assess the "risk" of a project on GitHub:
1. Number of stars and number of forks, which shows the popularity of the project and how many people are looking at it. Having a low number or none at all indicates risky code; having a high number doesn't mean it's safe, but it is a positive sign.
2. Number of commits, which shows the activity of the project. A scam project doesn't have that many commits. Usually scammers make the malicious code and put it up, that's it!
3. Having no source code! GitHub is basically a place where you upload stuff. A lot of these malicious ones use it only to upload their binary or a compressed rar file and not share the code at all.

Bitcoin_Arena
May 03, 2019, 05:38:44 PM
Last edit: May 03, 2019, 06:09:29 PM by Bitcoin_Arena
Merited by dbshck (6), harizen (1), hugeblack (1), joniboini (1), paxmao (1), DdmrDdmr (1)
#3

True, some members fall victim to downloading malicious files because they think that if a project is hosted on GitHub, it's safe.
Things to be suspicious of are:

1. The profile age and activity;
Very many times, the GitHub profile age is a few days or months old with little activity.
Here is a scam I uncovered a few days ago with an attempt to spread malware:

OWL Coin - Malware in the wallet [DO NOT DOWNLOAD]!!!

If you look at the profile of the so-called project developer:
He just joined 6 days ago with only 3 contributions in the last year, and the contributions are highlighted by one dot in April, and boom, the wallet is ready  Grin

The three contributions were
- Joined GitHub
- Created their first repository April 27th
- Created 1 commit in 1 repository (projectsowa/coinowl 1 commit)

That was all.

2. The wallet link in the ANN is usually set up so that it auto-downloads.
This is done so that the user cannot see what the GitHub activity looks like and become suspicious.

This is the way the scammer set up his: as soon as you click on the link, it auto-downloads.

Code:
https://github.com/projectsowa/coinowl/raw/master/Owlcoin-win64-qt.zip

3. Files, however small they are, are usually zipped.
This is done so that online virus detectors like VirusTotal may not be able to detect the malware at times.

Some checks users can do
  • Look at the account age
  • Is the activity high in the repository? Are the developers verified and credible?
  • VirusTotal might not be 100% accurate, but it's sometimes a savior; scan all downloaded files
  • Always have a strong AV on your computer if you are fond of downloading these hosted files
  • Verify signatures of file releases before installation
  • Simply avoid suspicious and unpopular ICO/masternode project wallet downloads

ETFbitcoin
May 03, 2019, 05:53:33 PM
Merited by dbshck (4), hugeblack (1), paxmao (1)
#4

Don't forget the fact that they put their application/installer in a commit, rather than on the releases page.

Code:
https://github.com/<profile name>/<repository name>/releases

Quote
2. Number of commits, which shows the activity of the project. A scam project doesn't have that many commits. Usually scammers make the malicious code and put it up, that's it!

Take note that a few projects have lots of commits on the "development" branch but very few commits on the default/master branch, because they use squash merging on pull requests.
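An added example, not code from any poster: the signals raised in posts #2, #3 and #4 (owner account age, stars and forks, commit count, binaries committed to the tree with nothing on the releases page, and ANN links pointing at a raw archive) turned into a small checker. The dict fields are assumptions modelled on the GitHub REST API; the sample values are constructed from the OWL Coin post above.

```python
"""Heuristic GitHub repository risk check. Field names in the repo dict are
assumptions modelled on the GitHub REST API (owner created_at,
stargazers_count, forks_count, commits, tree, release assets)."""
from datetime import datetime, timezone
from urllib.parse import urlparse

ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".exe", ".msi", ".dmg", ".tar.gz")
SOURCE_EXTS = (".py", ".c", ".cpp", ".h", ".rs", ".go", ".js", ".ts")


def is_raw_archive_link(url):
    """True for links such as https://github.com/<user>/<repo>/raw/<ref>/x.zip
    that start a download immediately instead of showing the repository."""
    p = urlparse(url)
    path = p.path.lower()
    if p.netloc == "raw.githubusercontent.com":
        return path.endswith(ARCHIVE_EXTS)
    return p.netloc == "github.com" and "/raw/" in path and path.endswith(ARCHIVE_EXTS)


def assess(repo, now):
    """Return a list of human-readable risk findings (empty list = no flags)."""
    findings = []
    owner_age = (now - repo["owner_created_at"]).days
    if owner_age < 90:
        findings.append(f"owner account is only {owner_age} days old")
    if repo["stargazers_count"] == 0 and repo["forks_count"] == 0:
        findings.append("no stars and no forks: nobody else is looking at this code")
    # Weak signal on its own: as ETFbitcoin notes, projects that squash-merge
    # pull requests have few commits on master but many on a development branch.
    if repo["commit_count"] <= 3:
        findings.append(f"only {repo['commit_count']} commit(s) on the default branch")
    binaries = [f for f in repo["tree"] if f.lower().endswith(ARCHIVE_EXTS)]
    if binaries and not repo["release_assets"]:
        findings.append("binaries committed to the tree, nothing on the releases page: "
                        + ", ".join(binaries))
    if not any(f.lower().endswith(SOURCE_EXTS) for f in repo["tree"]):
        findings.append("no source files in the tree, only uploaded files")
    return findings


# Constructed sample shaped after the OWL Coin case described in this thread:
# account joined April 27th, one commit, a zip committed to the tree.
OWLCOIN = {
    "owner_created_at": datetime(2019, 4, 27, tzinfo=timezone.utc),
    "stargazers_count": 0,
    "forks_count": 0,
    "commit_count": 1,
    "tree": ["Owlcoin-win64-qt.zip", "README.md"],
    "release_assets": [],
}
NOW = datetime(2019, 5, 3, tzinfo=timezone.utc)

if __name__ == "__main__":
    for line in assess(OWLCOIN, NOW):
        print("!", line)
    print(is_raw_archive_link(
        "https://github.com/projectsowa/coinowl/raw/master/Owlcoin-win64-qt.zip"))
```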

whotookmycrypto
May 03, 2019, 06:39:15 PM
Merited by suchmoon (4), dbshck (4), TryNinja (1), joniboini (1)
#5

Yes, open source does not automatically = safe. It just means the source code is available for others to view. People often think sunlight is the best disinfectant but in this case, making something open also means that scammers have access to it.

Perfect example: the fake Electrum wallet that was on GitHub.

For those who are unaware of what happened:
Quote
The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.

The attack began last week on Friday, December 21, and appears to have been temporarily stopped earlier today after GitHub admins took down the hacker's GitHub repository.

Source: https://www.zdnet.com/article/users-report-losing-bitcoin-in-clever-hack-of-electrum-wallets/

TalkStar
May 03, 2019, 08:06:55 PM
#6

Blindly depending on something isn't a wise decision in my opinion. Nowadays it's hard to find secure platforms where there is no chance of getting hacked. As an example, it's been just a few months since the Play Store made its rules strict for app listing, but you can still see lots of poor-quality mobile apps on there. Previously it was quite easy for anyone to list their mobile apps there, and most of these apps were bookmark apps.

In this modern world everything is getting updated day by day. In the same way, fraudulent actors are also setting their traps in every single place where they know we trust very much.


Mix coins  ]
 
Your BITCOIN Transaction
made Truly ANONYMOUS
 

███████
█████████████████
████████████████████████
█████████████████████████████
██████████                    ██████████
█████████                          █████████
███████                                    ████████
          ███████                                        ███████        ██
          █████████████████████████████████████      ███
          █████████████████████████████████████  █████
          ████████████████████████████████████  ██████
        ██████████████████████████████████████████
  █████████████████████████████████████████
█████                                        ████████████
                                  ██████████████
██                          █████████████████████          ██     
█████              ███████████████████████          ████     
█████████████████████████████            █████████     
██████████████████                      ████████████       
██████████████████████████████████████     
████████████████████████  ███████ 
    ██████████              █████
                      ████████
      ████████████████    █
        ██████████████████
                  █████      ███
                      █████
                    ████

Blender
 
The ULTIMATE BITCOIN Mixer
with an ADVANCED TECHNOLOGY
 

███████████   
███████████████████████   
████████████████████████████     
██████████████████████████████     
██████████████████████████████   
 

                                          █████████████
                                          ███████████
██████
                                          ███████████
██████
                                          ███████████
        ██
                                        ████████████
        ██
    ██                              █████████████
        ██
    ████                      ███████████████
        ██
    ██████              █████████████████
        ██
    █████████████████████████████
          ██ 
      ███████████████████████████
          ███
      ██████  ████████████████████
        ████
      ██████████████████████████
  ██████
      ██████████████████████████
███████
  █████      ████████████████████
███
████          ████████████████
████ 
████          ████████████████       
████████████████████████


 
█████████████████████████       
███████████████████████████       
█████████    ██    ███    ██████████     
███████████    ██    ███     ██████████       
███████████    ██    ███     ███████████     
██████████████████████████████████     
██████████████████████████████████       
[/
Bountyhonter
May 03, 2019, 09:58:13 PM
#7

The rate at which people trust programs just because they're on GitHub is surprising. Many hackers will take advantage of this and hide dangerous code within programs because they know most people won't bother to check.
tranthidung
May 04, 2019, 02:02:44 AM
#8

Quote
Always have a strong AV on your computer if you are fond of downloading these hosted files
Because you mentioned VirusTotal, here we go:
[Guide] Virustotal scan guideline to detect viruses, trojans, malwares, worms
Maybe someone who has not heard about VirusTotal and does not know how to use it will find my topic helpful.
hugeblack
May 04, 2019, 06:18:44 AM
#9

I edited the topic by adding important tips from the comments above (I'm sorry if I had to cut some parts just for brevity).
I noticed that many scammers have been using this method to gain trust.
Even if the wallet/app is working, it does not mean that you are safe. "There may be some hidden add-ons to steal your key or clipboard viruses."

LTU_btc
May 04, 2019, 10:41:30 PM
Merited by paxmao (1)
#10

Great suggestion. People are usually afraid to download files/programs from cloud storage or file sharing websites. But if it's uploaded on GitHub, most people think that the program is safe to use. An open source file unfortunately doesn't mean that the program is safe to use. The problem is that the majority of people don't have the skills and knowledge to review every line of code, so they trust a program just because it's open source and uploaded on GitHub. Personally, I also don't have the knowledge to review each line of code, but I don't download random programs. I'm always looking at whether it's been reviewed by someone already, and I also avoid files if they've been uploaded by a new user.
I won't even talk about the Play Store. There is so much shit there because everyone can upload programs there after paying a small fee, and these files are not reviewed by anyone before uploading. You must be very careful on Google Play.

TryNinja
May 04, 2019, 10:44:52 PM
#11

Quote
Great suggestion. People are usually afraid to download files/programs from cloud storage or file sharing websites. But if it's uploaded on GitHub, most people think that the program is safe to use. An open source file unfortunately doesn't mean that the program is safe to use. The problem is that the majority of people don't have the skills and knowledge to review every line of code, so they trust a program just because it's open source and uploaded on GitHub. Personally, I also don't have the knowledge to review each line of code, but I don't download random programs. I'm always looking at whether it's been reviewed by someone already, and I also avoid files if they've been uploaded by a new user.
Most of the time the file doesn't even have anything to do with the source code being shown in the repo. Heck, sometimes there isn't even any code. The repo is just empty and they uploaded a random file to make use of the "GitHub" domain.

When the Electrum phishing messages were happening, they were linking files on GitHub for people to download. And all their repo were empty. Being hosted on GitHub means literally nothing.

pooya87
May 05, 2019, 04:24:56 AM
#12

Quote
~
Most of the time the file doesn't even have anything to do with the source code being shown in the repo. Heck, sometimes there isn't even any code. The repo is just empty and they uploaded a random file to make use of the "GitHub" domain.

When the Electrum phishing messages were happening, they were linking files on GitHub for people to download. And all their repos were empty. Being hosted on GitHub means literally nothing.

The good news about these cases is that GitHub is vigilant about these types of malicious usage of their service, and if you report them, they close the account and the repository fast enough, especially when they are abusing the name of a popular project like Electrum.
So far I have personally reported a handful of these cases, and before the day ended they were closed down.

DaveF
May 05, 2019, 11:41:13 AM
Last edit: May 05, 2019, 09:11:41 PM by DaveF
Merited by dbshck (2)
#13

Even if it *was* legitimate yesterday, that does not mean it's legitimate today.
There is a large GitHub hack / breach from compromised accounts.

https://motherboard.vice.com/en_us/article/vb9v33/github-bitbucket-repositories-ransomware

-Dave
pooya87
May 06, 2019, 05:03:05 AM
#14

Quote
Even if it *was* legitimate yesterday, that does not mean it's legitimate today.
There is a large GitHub hack / breach from compromised accounts.

https://motherboard.vice.com/en_us/article/vb9v33/github-bitbucket-repositories-ransomware

-Dave

FWIW, this issue is because of incorrect usage of git by those "developers". Basically they were all storing their credentials in plaintext inside their .git/config, which they should never do, and that folder, which should not be accessible to anyone, was easily obtained!
This is not new either; it has been an issue for years. Here is a 2015 article: https://en.internetwache.org/dont-publicly-expose-git-or-how-we-downloaded-your-websites-sourcecode-an-analysis-of-alexas-1m-28-07-2015/
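An added example, not code from any poster, for the mistake pooya87 describes: a check you can run over your own .git/config to find remote URLs that carry a username and token in plaintext, and to produce a redacted copy. The sample config text is constructed and the token in it is a placeholder.

```python
"""Find and redact credentials embedded in remote URLs of a .git/config.

A remote stored as https://user:token@github.com/org/repo.git keeps the token
in plaintext, so anyone who can read the .git directory (for example because a
web server serves it) gets the token. Use a credential helper or an SSH key
instead, and make the web server refuse requests for /.git/.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample; the token value is a placeholder, not a real secret.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://alice:PLACEHOLDER_TOKEN@github.com/example-org/example-repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@github.com:example-org/example-repo.git
"""

URL_LINE = re.compile(r"^\s*url\s*=\s*(\S+)\s*$", re.MULTILINE)


def find_embedded_credentials(config_text):
    """Return (url, username) for every http(s) remote URL carrying a password."""
    hits = []
    for url in URL_LINE.findall(config_text):
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.password is not None:
            hits.append((url, parts.username))
    return hits


def redact(config_text):
    """Return the config text with userinfo stripped from every remote URL."""
    def strip(match):
        url = match.group(1)
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or parts.password is None:
            return match.group(0)
        host = parts.hostname + (f":{parts.port}" if parts.port else "")
        clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
        return match.group(0).replace(url, clean)
    return URL_LINE.sub(strip, config_text)


if __name__ == "__main__":
    for url, user in find_embedded_credentials(SAMPLE_CONFIG):
        print(f"credential for user {user!r} stored in plaintext: {url}")
    print(redact(SAMPLE_CONFIG))
```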
