- Malicious commits found in Exo Labs’ GitHub account
- They were submitted, and pointed to, a Texas-based security researcher
- The malware does not exist, and the researcher claims someone is impersonating him
Someone has been breaking into GitHub projects, injecting malicious code, and seemingly trying to discredit a researcher by accusing them of the hack.
Executives from AI and machine learning startup Exo Labs have warned someone tried to submit new changes to the code in the company’s GitHub repository.
The added code was “innocent looking”, and was titled “clarify mlx requirement for deepseek models”, and in order to hide the code from scrutiny, the attacker converted it to a number equivalent. However, the submission was analyzed before being pushed to the repository, and it was quickly discovered that it tried to connect to the evildojo[dot]com, to download the stage one payload. The researchers determined that there was no payload on the server and that it simply returned a 404 error.
Hidden Risk
Drilling deeper into the attack, the researchers discovered that the evildojo domain, as well as the GitHub accounts associated with the attack, all pointed to a researcher named Mike Bell – a security researcher and a white-hat hacker from Texas. He denies any involvement with the attack and claims it was all an attempt to ruin his good name.
“Not me, an impersonator. Notice account deleted. Very sorry people are being dragged into some skid’s beef w/ me,” BleepingComputer cited Bell saying about the attacks. “There was never any payload…why do people keep assuming there was?,” he added.
When questioned about the incident on X, Bell clarified that whoever was behind the attack never got access to his domain, never got the payload on his site, and that all Bell did was “piss someone off, apparently.”
Given that anyone can create a GitHub account impersonating someone else, and since there was no malicious payload or harm caused, the idea of a smear campaign seems plausible—especially since Bell is actively involved in the cybersecurity community, albeit from the opposing side.
Via BleepingComputer