Malicious Code Discovered in GitHub Project Template Targeting Cryptocurrency Keys

A user on V2EX reported a hidden script in a job application template that steals private keys, prompting action from GitHub and user warnings.

Summary

A user on V2EX reported finding malicious code embedded in a GitHub project template, hidden in a logo.png file. The code is executed through config-overrides.js and downloads a trojan that runs at startup, with the aim of stealing cryptocurrency private keys. Following the report, V2EX banned the account involved, and GitHub removed the repository. Developers are advised to exercise caution with project sources they do not know.
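
One way to check an untrusted template before running it, as an added example that is not code from the report or the removed repository: it flags a .png that fails the PNG signature, carries bytes after its IEND chunk or contains script-like text, and a build script that references an image or uses dynamic execution. The page does not say how the code was hidden, so the heuristics, function names and sample inputs here are assumptions constructed for illustration.

```javascript
// Added example: heuristics are assumptions, not the technique from the report.
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const CODE_HINTS = /require\s*\(|eval\s*\(|child_process|new Function/;

// Audit the bytes of a file named *.png: signature, chunk walk, trailing data.
function auditPng(buf) {
  const findings = [];
  if (buf.length < 8 || !buf.subarray(0, 8).equals(PNG_SIG)) {
    findings.push('not-a-png');
  } else {
    let off = 8, sawIend = false;
    while (!sawIend && off + 12 <= buf.length) {
      const len = buf.readUInt32BE(off);
      sawIend = buf.toString('latin1', off + 4, off + 8) === 'IEND';
      off += 12 + len; // length + type + data + CRC
    }
    if (!sawIend || off > buf.length) findings.push('malformed');
    else if (off < buf.length) findings.push(`trailing-data:${buf.length - off}`);
  }
  if (CODE_HINTS.test(buf.toString('latin1'))) findings.push('script-like-text');
  return findings;
}

// Audit a build script such as config-overrides.js, which runs as code.
function auditBuildScript(src) {
  const findings = [];
  if (/\.(png|jpe?g|gif|ico)['"`]/i.test(src)) findings.push('references-image-asset');
  if (/\beval\s*\(|new Function\s*\(|child_process/.test(src)) findings.push('dynamic-execution');
  return findings;
}

// Constructed samples (CRCs zeroed; this audit does not verify them).
function chunk(type, data) {
  const head = Buffer.alloc(8);
  head.writeUInt32BE(data.length, 0);
  head.write(type, 4, 'latin1');
  return Buffer.concat([head, data, Buffer.alloc(4)]);
}
const CLEAN_PNG = Buffer.concat([PNG_SIG, chunk('IHDR', Buffer.alloc(13)), chunk('IEND', Buffer.alloc(0))]);
const TAMPERED_PNG = Buffer.concat([CLEAN_PNG, Buffer.from('eval(payload)')]);
const SCRIPT_AS_PNG = Buffer.from("require('child_process')");
const SAMPLE_CONFIG = "eval(require('fs').readFileSync('./public/logo.png', 'utf8'));";

console.log(auditPng(CLEAN_PNG), auditPng(TAMPERED_PNG), auditPng(SCRIPT_AS_PNG));
console.log(auditBuildScript(SAMPLE_CONFIG));
```

On a real checkout, pass the result of `fs.readFileSync(path)` for each image and the text of each build script, and review every finding by hand before installing dependencies or starting the project.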

Terms & Concepts
  • trojan: A type of malware that misleads users about its true intent, often by disguising itself as legitimate software.
  • private keys: Cryptographic keys that allow users to access and manage their cryptocurrency holdings.
  • config-overrides.js: A JavaScript file used to customize a project's configuration; because it is executed as code, it can be exploited to run malicious code.