Malware-Angriff auf GitHub

MarcP · 3. August 2022 um 09:46

Sharing this here to get awareness for devs because Discourse might be using one of the infected repo’s…

Mr.X_Mr.X · 3. August 2022 um 10:23

The infected repos are clones of the originals, the originals are OK.

david · 3. August 2022 um 10:33

We’re not aware of any impact to Discourse or our dependencies.

As @Mr.X_Mr.X mentioned, the tweet author has admitted that the findings were limited to forks/clones, rather than the true versions of dependencies:

MarcP · 3. August 2022 um 10:38

Ah that is good to know. Better safe then sorry, haha. Felt this was a place where devs at least should be aware of the malware.

miss · 3. August 2022 um 11:15

Welcome to internet!

Thema		Antworten	Aufrufe
Vulnerabilities in the official Docker image Dev	1	791	19. Mai 2023
Discourse updates - Microsoft Defender reports detection of Wacatac malware Support	7	128	4. Februar 2025
Third-party plugin repository hijacked Support	16	505	19. August 2025
Sucuri reports a malware infection? Support	6	2390	8. Juni 2024
Npm packages name and version reported in vulnerability Support	5	133	13. Dezember 2024