Toolkit with malware
Event-Stream is a toolkit designed to make it easy to set up streams and was developed by Dominic Tarr. At some point he stopped working on it, although the open-source software was very popular. Three months ago, Tarr transferred the management rights to Event-Stream to someone called Right9ctrl, and at that time the code was infected.
On 9 September, version 3.3.6 of the software was published. It contained an unnecessary module called flatmap-stream. That seems to have been a test to find out whether anyone would notice a new module in the software. On 5 October, the flatmap module was then changed into malware. It tried to steal bitcoin wallets and transfer their balance to a server in Kuala Lumpur.
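A lockfile check for the two indicators named above (Event-Stream 3.3.6 and any flatmap-stream module), as an added example that is not part of the original article. The names `auditLockfile`, `classify` and `walkNested`, the finding format and the sample lockfile are constructed for illustration; the layouts assumed are npm's package-lock.json formats.

```javascript
// Added example. The two indicators come from the article; the lockfile
// layouts assumed are npm's package-lock.json formats.
const FLAGGED_MODULE = "flatmap-stream";
const FLAGGED_RELEASE = { name: "event-stream", version: "3.3.6" };

function classify(name, version, where) {
  if (name === FLAGGED_MODULE)
    return { name, version, where, reason: "module the article reports as turned into malware" };
  if (name === FLAGGED_RELEASE.name && version === FLAGGED_RELEASE.version)
    return { name, version, where, reason: "release the article reports as adding flatmap-stream" };
  return null;
}

// lockfileVersion 1: installed packages nest under "dependencies".
function walkNested(deps, trail, findings) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    const hit = classify(name, info.version, path.join(" > "));
    if (hit) findings.push(hit);
    walkNested(info.dependencies, path, findings);
  }
}

function auditLockfile(lock) {
  const findings = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace entry
    const name = path.slice(idx + "node_modules/".length);
    const hit = classify(name, info.version, path);
    if (hit) findings.push(hit);
  }
  // Version 2 files carry both sections; walk "dependencies" only as a fallback.
  if (!lock.packages) walkNested(lock.dependencies, [], findings);
  return findings;
}

// Constructed sample (not from a real project); "0.0.0-sample" is a placeholder.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "some-tool": { version: "1.0.0", dependencies: {
      "event-stream": { version: "3.3.6", dependencies: {
        "flatmap-stream": { version: "0.0.0-sample" } } } } },
    "event-stream": { version: "3.3.4" },
  },
};
console.log(auditLockfile(sampleLock));
```

Transitive installs are reported with their full path, so a finding under another package shows which direct dependency has to be updated or removed.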
Open source risks
On November 20, developers discovered the malware. Someone then posted questions on GitHub about the new module and especially its functionality. That way, it was discovered that there was malware in the Event-Stream software.
The presence of malware in open-source software will strengthen security experts’ warnings about the use of open-source software in large projects. GitHub has had to deal with problems like this before. This is partly because there are few control mechanisms when people want to transfer their projects.
This news article was automatically translated from Dutch to give Techzine.eu a head start.