articleStartImage

A security notice appeared on GitHub hours ago, informing users that Syscoin’s account was compromised.

“The Blockchain Foundry team received reports of Windows Defender SmartScreen showing the syscoincore-3.0.4-win64-setup.exe by ‘Unknown Publisher’, which led to the investigation of the issue,” the notice reads.

An investigation into the matter revealed that Syscoin’s core software was released with a fake installer that includes a variant of the Win32/Feury virus, which appears to be cataloged by Windows Defender.

When we looked at the page that shows the threat listing on Windows Defender’s site, we couldn’t find anything with regard to how the malware works outside of a boilerplate description that could apply to any virus in existence.

GitHub’s advice includes running an up-to-date virus scanner to remove the threat, although Windows Defender—the very software that cataloged the virus in the first place—doesn’t appear to be effective in removing it. 

Information on forums around the web suggests that Zemana Antimalware and Malwarebytes could work. 

As a consequence of this compromise, Syscoin’s developers will now be required to use two-factor authentication to enter the project’s GitHub repository, and signature hashes will need to be verified on a regular basis.

“Although the issue was detected quickly, we believe that the crypto-community is at risk for a specific type of attack which targets gatekeepers of source code for cryptocurrency projects. We highly recommend that all gatekeepers of software repositories for cryptocurrency projects sign binaries through an official build process like Gitain,” the notice added.

This incident happened just shortly after Microsoft’s acquisition of the platform. The fact that it was resolved so quickly supports the proposition that it’s still business as usual on GitHub.