Bitcoin mining code in open source software
In the past few years, a variety of unconventional, creative bitcoin mining methods have appeared, including embedding the relevant code into smart lamps and web browsers. Now another new malicious method has begun to appear: bitcoin mining code secretly added to open source software.
If successful, this means that any user who downloads the open source software would unknowingly run bitcoin mining code on their computer, consuming computing power and electricity to generate bitcoin for the attacker. As of now, 1 bitcoin is worth more than $1000. E Security reminds readers to stay alert!
The following is the information E Security has collected so far. Over the weekend, Russian open source developer Alexey Palazhchenko tweeted that his online library had received a request on GitHub from a mysterious account asking to add code to the project.
Palazhchenko said in reply, “My project has actually had few contributors, and of course I want to increase the number of contributors, so I started out optimistic: Wow, a new contributor, great. But the other party took the initiative in asking to participate.”
However, on examining the account, he found that it had been banned by GitHub, which, he wrote, made him suspicious.
Developers use a pull request to add code to a target project, and the code is added only after it is approved by the project's code editor. He wrote, “I could not accept such a contribution. My code base is very small, and it is in another area.” Basically, his project is small and has no connection with bitcoin, so the request would be shelved.
Palazhchenko shared his experience with Drone developers and chat room users (Drone is a continuous integration tool that lets developers have code changes updated immediately, so that each bug can be analyzed and fixed).
In the chat, Drone co-founder Brad Rydzewski wrote that the pull request was probably submitted automatically by a bot, and that it likely belongs to a class of malicious behavior that tries to secretly add code:
“A few years ago, a group of bitcoin miners began to write scripts to create user IDs for GitHub and Drone, and to submit false bitcoin mining…… This experience makes me better at detecting this type of malicious activity.”
Rydzewski did not reply to an interview request from foreign media. After contacting GitHub, it was confirmed that the account was operated by a bot dedicated to adding bitcoin mining code to open source projects. In other words, GitHub has banned the account, and has also banned other similar bots.
A GitHub spokesman said in an e-mail statement, “Our team is aware of this problem and has disabled the corresponding code repository. We are actively cooperating with the continuous integration community to discover and solve these problems.”
Secretly adding code to software is of course a bad practice, but the good news is that the code base owner must approve the request before this malicious purpose can be achieved. If it is not approved, no problem arises. However, Palazhchenko was able to notice that something was wrong because his project is small and its circle is relatively simple; other open source projects need to be more vigilant.
Finally, Palazhchenko wrote, “Although I am skeptical, I think this trick of adding bitcoin mining code may be easier to carry out in a larger code base.”
Original address: http://www.easyaq.com/news/490986605.shtml