Github Account of Gentoo Linux Hacked, Code Replaced With Malware

Your daily selection of the hottest trending tech news!

According to The Hacker News (This article and its images were originally posted on The Hacker News June 29, 2018 at 05:02AM.)


Downloaded anything from Gentoo’s GitHub account yesterday?

Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a malicious one.

Gentoo is a free open source Linux or FreeBSD-based distribution built using the Portage package management system that makes it more flexible, easier to maintain, and portable compared to other operating systems.

In a security alert released on its website yesterday, developers of the Gentoo Linux distribution warned users not to use code from its GitHub account, as some “unknown individuals” had gained its control on 28 June at 20:20 UTC and “modified the content of repositories as well as pages there.”

According to Gentoo developer Francisco Blas Izquierdo Riera, after gaining control of the Gentoo Github organization, the attackers “replaced the portage and musl-dev trees with malicious versions of the ebuilds intended to try removing all of your files.”

Ebuild are bash scripts, a format created by the Gentoo Linux project, which automates compilation and installation procedures for software packages, helping the project with its portage software management system.

“We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised,” the alert said.

However, Gentoo assured its users that the incident did not affect any code hosted on the Gentoo’s official website or the mirror download servers and that users would be fine as long as they are using rsync or webrsync from gentoo.org.

This is because the master Gentoo ebuild repository is hosted on its own official portal and Github is just a mirror for it.

“Also, the gentoo-mirror repositories including metadata are hosted under a separate Github organisation and likely not affected as well. All Gentoo commits are signed, and you should verify the integrity of the signatures when using git,” the developer said.

In an update later on its website, the organisation said it has regained control of the Gentoo Github Organization, but advised users to continue to refrain from using code from its Github account, as they are still working with Github, which was recently acquired by Microsoft

for US$7.5 billion, on establishing a timeline of what happened.

Continue reading…

  • Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com. To see more posts like this please subscribe to our newsletter by entering your email. By subscribing you’ll receive the top trending news delivered to your inbox.

__

This article and images were originally posted on [The Hacker News] June 29, 2018 at 05:02AM. Credit to Author  and The Hacker News | ESIST.T>G>S Recommended Articles Of The Day.

 

 

 

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.