GitHub projects targeted with malicious commits to frame researcher

submitted by
Style Pass
2024-11-17 17:00:05

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects.

Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker's true intentions.

On Tuesday, Alex Cheema, co-founder of EXO Labs, warned everyone of an "innocent looking" code change submitted to EXO's GitHub repository.

The pull request, titled "clarify mlx requirement for deepseek models," attempted to modify the models.py Python file in Exo's code base by adding a sequence of numbers to it:

Backdoor attempt on @exolabs through an innocent looking PR. Read every line of code. Stay safu. pic.twitter.com/M0WHoCF5Mu

These are Unicode numbers, each representing a character. In other words, the user submitting the code change converted the plaintext Python code to its numeric equivalent using a simple technique.
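A review-side check for the encoding described above, as an added example that is not from the original article or from EXO's code base: it scans Python source for integer sequences that decode to readable text and reports whether the decoded text parses as Python containing a call or an import. The function names, the length threshold of 8, the 95% printable ratio and the sample input are assumptions made for illustration.

```python
import ast

MIN_RUN = 8  # assumed threshold; shorter integer sequences are usually plain data

def contains_code(text):
    """True if text parses as Python and includes a call or an import."""
    try:
        tree = ast.parse(text)  # parses only, never executes
    except (SyntaxError, ValueError):
        return False
    return any(isinstance(n, (ast.Call, ast.Import, ast.ImportFrom))
               for n in ast.walk(tree))

def find_encoded_text(source, min_run=MIN_RUN):
    """Return sorted (line, decoded_text, contains_code) tuples for integer
    sequences in the source that decode to printable text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.List, ast.Tuple, ast.Set)):
            continue
        values = [e.value for e in node.elts
                  if isinstance(e, ast.Constant) and type(e.value) is int]
        if len(values) != len(node.elts) or len(values) < min_run:
            continue  # mixed content or too short to matter
        if any(v > 0x10FFFF for v in values):
            continue  # not a valid Unicode code point
        text = "".join(chr(v) for v in values)
        printable = sum(c.isprintable() or c in "\n\t" for c in text)
        if printable / len(text) >= 0.95:
            findings.append((node.lineno, text, contains_code(text)))
    return sorted(findings)

# Constructed sample input, not the code from the EXO pull request.
SAMPLE = '''
SHAPES = [1, 2, 3, 4]
LAYERS = (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
note = [112, 114, 105, 110, 116, 40, 34, 104, 105, 34, 41]
label = [100, 101, 101, 112, 115, 101, 101, 107]
'''

if __name__ == "__main__":
    for line, text, is_code in find_encoded_text(SAMPLE):
        print(f"line {line}: decodes to {text!r} (code: {is_code})")
```

A sequence that decodes to text but not to code, such as the `label` line, is still worth a reviewer's look; the `contains_code` flag only helps prioritise.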
