GitHub Copilot gains extensions as GitHub and FileZilla face malware exploits

As a tech journalist, Zul focuses on topics including cloud computing, cybersecurity, and disruptive technology in the enterprise industry. He has expertise in moderating webinars and presenting content on video, in addition to having a background in networking technology.

GitHub has announced a new feature that enables developers to extend Copilot with third-party skills, providing an extra layer of customisation.

At this year’s Build conference, it announced the acquisition of a conversational assistant tool company called Semantic Machines to help enhance its products. GitHub’s “AI pair programming tool,” Copilot, also grabbed significant attention with the launch of its Copilot Extension. This new feature allows developers to extend Copilot with third-party skills, providing a handy addition that offers an extra layer of customisation and added utility.

This launch has attracted a broad spectrum of partners including DataStax, Docker, LambdaTest, LaunchDarkly, McKinsey & Company, Microsoft Azure and Teams, MongoDB, Octopus Deploy, Pangea, Pinecone, Product Science, ReadMe, Sentry, and Stripe.

In a blog post, SVP for Product at GitHub, Mario Rodriguez, said: “Our goal: make GitHub Copilot the most integrated, powerful, intelligent AI platform there is – with unlimited possibilities to accelerate human progress.”

Rodriguez added, “Programming in natural language will continue to lower the barrier to entry for anyone who wants to build software. Today, we are closer to a future where one billion people can build on GitHub, with Copilot as an intelligent platform that integrates with any tool in the developer tech stack, entirely in natural language.”

Available in the GitHub Marketplace, these extensions also give developers the ability to craft private extensions customised to their own systems and APIs. This adaptability is intended to support developers in preserving their workflow and seamlessly interacting with various systems in natural language, eliminating the need for context switching.

For example, users of the Octopus deployment tool can check the state of their deployments through a Copilot extension, while Sentry users can resolve issues in their deployment pipelines and DataStax users can interact with their databases, all in natural language.

Copilot Extensions are currently in private preview and are set to expand in the future. Developers can access these extensions through the GitHub Marketplace and use them in GitHub Copilot Chat on GitHub.com, Visual Studio, and VS Code.

Security concerns: The dark side of open platforms

Despite these advancements, The Hacker News has reported that GitHub has found itself in the spotlight for a less favourable reason: cybercriminals exploiting GitHub, along with FileZilla, to deliver a “malware cocktail”.

The Insikt Group at Recorded Future has uncovered a ‘multi-faceted campaign’ that leverages legitimate platforms such as GitHub and FileZilla to deploy stealer malware and banking trojans, such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo, which pose as reputable software like 1Password, Bartender 5, and Pixelmator Pro.

Known as GitCaught, this campaign emphasises the abuse of genuine internet services to launch cyberattacks, using multiple malware variants aimed at Android, macOS, and Windows to enhance effectiveness. It involves creating fake profiles and repositories on GitHub, which contain counterfeit versions of well-known software intended to steal sensitive data from devices. These harmful files are then spread via malvertising and SEO poisoning campaigns.

It is suspected that Russian-speaking threat actors from the Commonwealth of Independent States (CIS) have also utilised FileZilla servers to manage and disseminate malware.

Further investigations have linked the disk image files on GitHub and the associated infrastructure to a larger campaign aiming to deliver malware like RedLine, Lumma, Raccoon, Vidar, Rhadamanthys, DanaBot, and DarkComet RAT since at least August 2023.

The Microsoft Threat Intelligence team has also reported that the macOS backdoor, referred to as Activator, continues to be a ‘very active threat.’ This backdoor is frequently distributed through disk image files that imitate cracked versions of legitimate software, and it targets Exodus and Bitcoin-Qt wallet applications to steal data.
