<h1>Malicious code on GitHub: how hackers target programmers</h1>
<p>Kaspersky blog (kaspersky.com.tr), published 2025-03-06. Original: <a href="https://www.kaspersky.com.tr/blog/malicious-code-in-github/13184/">https://www.kaspersky.com.tr/blog/malicious-code-in-github/13184/</a></p>
<p><em>We discovered more than 200 repositories with fake projects on GitHub. Attackers use these repositories to distribute stealers, clippers and backdoors.</em></p>
<p>Can you imagine a world in which, every time you wanted to go somewhere, you had to reinvent the wheel and build a bicycle from scratch? Neither can we. Why reinvent something that already exists and works perfectly well? The same logic applies to programming: developers run into routine tasks every day, and rather than inventing their own wheels and bicycles (which might not even turn out well enough), they take ready-made <span style="text-decoration: line-through">bicycles</span> code from open-source GitHub repositories.</p>
<p>That option is open to everyone, including criminals who use <em>the world's best free open-source code</em> as bait for attacks. There is plenty of evidence of this, and here is the latest: our experts have uncovered an active malicious campaign, named GitVenom, that targets GitHub users.</p>
<h2><strong>What is GitVenom?</strong></h2>
<p>GitVenom is the name we gave to a malicious campaign in which unknown actors created more than 200 repositories of fake projects containing malicious code: Telegram bots, tools for hacking the game Valorant, Instagram automation utilities and Bitcoin wallet managers, among others. At first glance every repository looks legitimate. Particularly impressive are the well-crafted README.MD files (the guide to working with the code), with detailed instructions in several languages. On top of that, the attackers added multiple tags to their repositories.</p>
<div id="attachment_13186" style="width: 1232px" class="wp-caption aligncenter"><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/91/2025/03/06150030/malicious-code-in-github-01.png"><img loading="lazy" decoding="async" aria-describedby="caption-attachment-13186" class="wp-image-13186 size-full" src="https://media.kasperskydaily.com/wp-content/uploads/sites/91/2025/03/06150030/malicious-code-in-github-01.png" alt="The attackers used AI to write detailed instructions in several languages." width="1222" height="1039"></a><p id="caption-attachment-13186" class="wp-caption-text">The attackers used AI to write detailed instructions in several languages.</p></div>
<p>Another signal that props up the apparent legitimacy of these repositories is the sheer number of commits: the attackers' repositories have tens of thousands of them. Of course, the attackers did not update each of the 200 repositories by hand to keep up the appearance of activity; they simply used timestamp files that a script updated every few minutes. The combination of detailed documentation and a long commit history created the illusion that the code was genuine and safe to use.</p>
<h2><strong>GitVenom: two years of activity</strong></h2>
<p>The campaign started a long time ago; the oldest fake repository we found is roughly two years old. In that time GitVenom has hit developers in Russia, Brazil, Turkey and other countries. The attackers worked across a wide range of programming languages: malicious code was found in Python, JavaScript, C, C# and C++ repositories.</p>
<p>As for what these projects actually do, the features described in the README did not even match the real code; in practice the code does not do half of what it claims. What running it does do is fetch malicious components onto the victim's machine. Here are some of them:</p>
<ul>
<li><strong>JS</strong> <a href="https://encyclopedia.kaspersky.com/glossary/trojan-psw-psw-password-stealing-ware/" target="_blank" rel="noopener"><strong>stealer</strong></a>: collects usernames and passwords, crypto wallet data and browser history, packs the stolen data into a .7z archive and sends it to the attackers via Telegram.</li>
<li><strong>AsyncRAT:</strong> an open-source <a href="https://encyclopedia.kaspersky.com/glossary/remote-access-trojan-rat/" target="_blank" rel="noopener">remote administration Trojan</a> that can also act as a keylogger.</li>
<li><strong>Quasar</strong>: an open-source <a href="https://encyclopedia.kaspersky.com/glossary/backdoor/" target="_blank" rel="noopener">backdoor</a>.</li>
<li><strong>Clipper</strong>: searches the clipboard for crypto wallet addresses and replaces them with attacker-controlled ones. Notably, in November 2024 the attacker wallet used in this campaign received a single deposit of about 5 BTC (roughly 392,000 US dollars at the time of the study).</li>
</ul>
<p>More details on this malicious campaign are in our <a href="https://securelist.com/gitvenom-campaign/115694/" target="_blank" rel="noopener">research published on Securelist</a>.</p>
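<p>As an added illustration of the clipper described above (this is example code written for this page, not malware from the GitVenom repositories and not a Kaspersky tool): a detector that walks a timeline of clipboard snapshots and flags the signature of address substitution, one wallet address replaced by a different address of the same family within a fraction of a second of being copied. The snapshots, the sample addresses and the two-second window are constructed assumptions; a real monitor would poll the system clipboard and feed the same function.</p>

```python
"""Detecting clipboard hijacking ('clipper') behaviour from clipboard snapshots.

Added example, not code from the GitVenom repositories or from Kaspersky.
A clipper rewrites a wallet address sitting in the clipboard with an
attacker-controlled address of the same type, usually well under a second
after the user copied it. The detector works on a list of (time, content)
snapshots; the timeline below is constructed so the script runs offline.
Address patterns cover common BTC and ETH formats only (assumption).
"""
import re
from dataclasses import dataclass

ADDRESS_PATTERNS = {
    # base58 P2PKH / P2SH: no 0, O, I, l in the alphabet
    "btc_p2pkh_p2sh": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    # bech32 / bech32m: no b, i, o, 1 after the 'bc1' prefix
    "btc_bech32": re.compile(r"bc1[ac-hj-np-z02-9]{25,62}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def classify_address(text):
    """Return the wallet-address family of `text`, or None for ordinary text."""
    s = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(s):
            return family
    return None


@dataclass(frozen=True)
class Snapshot:
    t: float        # seconds since the monitor started
    content: str


def detect_swaps(snapshots, window=2.0):
    """Flag transitions where one wallet address is replaced by a different
    address of the same family within `window` seconds. A person rarely
    copies two different addresses that fast; a clipper does exactly that."""
    alerts = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        family = classify_address(prev.content)
        if family is None or classify_address(cur.content) != family:
            continue
        a, b = prev.content.strip(), cur.content.strip()
        if a == b or cur.t - prev.t > window:
            continue
        alerts.append({
            "t": cur.t,
            "family": family,
            "original": a,
            "replacement": b,
            # some clippers pick a replacement sharing the first/last characters
            # with the original, to survive a glance at the ends of the address
            "lookalike": a[:4] == b[:4] or a[-4:] == b[-4:],
        })
    return alerts


def safe_to_paste(intended, clipboard):
    """Paste guard: compare the whole string, never just the first and last
    few characters, before an address goes into a transaction form."""
    return intended.strip() == clipboard.strip()


# --- constructed clipboard timeline (not captured from a real machine) ---
SAMPLE = [
    Snapshot(0.0, "meeting at 10"),
    Snapshot(10.0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),            # user copies a BTC address
    Snapshot(10.4, "1CounterpartyXXXXXXXXXXXXXXXUWLpVr"),            # rewritten 400 ms later
    Snapshot(40.0, "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"),    # user copies an ETH address
    Snapshot(40.3, "0x742d00000000000000000000000000000000f44e"),    # look-alike swap 300 ms later
    Snapshot(90.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),    # user copies a bech32 address
    Snapshot(150.0, "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),   # 60 s later: a second manual copy
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE):
        print(f"t={alert['t']:.1f}s {alert['family']}: {alert['original']} -> "
              f"{alert['replacement']} (lookalike={alert['lookalike']})")
```

The <code>lookalike</code> flag is reported because a replacement that shares the first and last characters of the original defeats the habit of checking only the ends of an address; <code>safe_to_paste</code> compares the full string for the same reason. The 60-second gap between the two bech32 addresses is deliberately not flagged: the detector looks for the speed of the swap, not for any change of address.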
<h2><strong>How to protect yourself from malicious code on GitHub</strong></h2>
<p>In short, the best defense is vigilance. With <a href="https://github.blog/news-insights/company-news/100-million-developers-and-counting/" target="_blank" rel="nofollow noopener">more than 100 million developers using GitHub</a>, attackers will almost certainly keep spreading malicious code through this popular platform. The only question is how; ten years ago nobody imagined that attackers could run campaigns like GitVenom for this long and this persistently. Every developer should therefore keep up basic cybersecurity hygiene when working with GitHub.</p>
<ul>
<li><strong>Analyze</strong> code before integrating it into an existing project.</li>
<li><strong>Use</strong> <a href="https://www.kaspersky.com.tr/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___" target="_blank" rel="noopener">malware protection</a> on both computers and smartphones.</li>
<li><strong>Check the less obvious indicators carefully</strong>: look at the contributor accounts, the star count (likes) and the project creation date. If the account was created three days ago, the repository two days ago, and it has a single star, there is a high chance the project is fake and the code malicious.</li>
<li><strong>Don't download files from direct GitHub links</strong> shared in chats, suspicious channels or unverified websites.</li>
<li><strong>If you come across a suspicious repository, </strong><a href="https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam" target="_blank" rel="nofollow noopener"><strong>report it to GitHub</strong></a>. That may save the devices of others who are not protected by a <a href="https://www.kaspersky.com.tr/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___" target="_blank" rel="noopener">reliable security solution</a>.</li>
</ul>
<p>Tags: open source, GitHub, malware, cryptocurrencies</p>
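<p>The indicators in the list above (contributor account age, repository age, star count) and the commit padding described in the GitVenom section (a timestamp file committed every few minutes to inflate the history) can be checked mechanically before code is pulled into a project. The script below is an added example written for this page, not Kaspersky's or GitHub's tooling; the repository, owner and commit records are constructed to resemble GitHub REST API responses so that it runs offline, and the thresholds (30 days, two stars, 80 percent of commits touching one file at a median gap under 15 minutes with a near-constant interval) are assumptions rather than published indicators.</p>

```python
"""Heuristic vetting of a GitHub repository before its code is reused.

Added example, not Kaspersky's or GitHub's own tooling. The records below are
constructed to look like trimmed GitHub REST API output (created_at and
stargazers_count keep the API's field names; a commit is reduced to its
timestamp plus the files it touched). All thresholds are assumptions.
"""
import statistics
from collections import Counter
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 3, 6, 12, 0, tzinfo=timezone.utc)   # fixed clock for reproducibility


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def commit_padding(commits, top_file_ratio=0.8, max_median_gap_s=15 * 60, max_cv=0.25):
    """Detect commit-count inflation: most commits touch the same file at a
    short, near-constant interval, which is what a bot updating a timestamp
    file every few minutes looks like. Returns None if there is too little
    history to judge."""
    if len(commits) < 10:
        return None
    files = Counter(f for c in commits for f in c["files"])
    top_file, top_count = files.most_common(1)[0]
    ratio = top_count / len(commits)
    times = sorted(parse_ts(c["ts"]) for c in commits)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    median_gap = statistics.median(gaps)
    mean_gap = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0   # regularity of the cadence
    padded = ratio >= top_file_ratio and median_gap <= max_median_gap_s and cv <= max_cv
    return {"padded": padded, "top_file": top_file, "top_file_ratio": round(ratio, 2),
            "median_gap_s": median_gap, "gap_cv": round(cv, 2)}


def vet_repository(repo, owner, commits, now=NOW, min_age=timedelta(days=30), min_stars=2):
    """Return a list of 'code: detail' findings; an empty list means nothing stood out."""
    findings = []
    owner_age = now - parse_ts(owner["created_at"])
    repo_age = now - parse_ts(repo["created_at"])
    if owner_age < min_age:
        findings.append(f"new_account: owner created {owner_age.days} days ago")
    if repo_age < min_age:
        findings.append(f"new_repo: repository created {repo_age.days} days ago")
    if repo["stargazers_count"] < min_stars:
        findings.append(f"few_stars: {repo['stargazers_count']} star(s)")
    pad = commit_padding(commits)
    if pad and pad["padded"]:
        findings.append(f"commit_padding: {pad['top_file_ratio']:.0%} of {len(commits)} commits touch "
                        f"{pad['top_file']} every ~{pad['median_gap_s'] / 60:.0f} min")
    return findings


# --- constructed sample data (names and dates invented for the example) ---
SUSPICIOUS_OWNER = {"login": "example-dev-0x1", "created_at": iso(NOW - timedelta(days=3))}
SUSPICIOUS_REPO = {"name": "valorant-aim-helper", "created_at": iso(NOW - timedelta(days=2)),
                   "stargazers_count": 1}
# 300 bot commits, one every 5 minutes, each touching only timestamp.txt, plus two real-looking ones
SUSPICIOUS_COMMITS = [{"ts": iso(NOW - timedelta(days=2) + timedelta(minutes=5 * i)),
                       "files": ["timestamp.txt"]} for i in range(300)]
SUSPICIOUS_COMMITS += [{"ts": iso(NOW - timedelta(days=2) + timedelta(minutes=m)),
                        "files": ["README.md", "main.py"]} for m in (7, 123)]

CLEAN_OWNER = {"login": "example-maintainer", "created_at": iso(NOW - timedelta(days=5 * 365))}
CLEAN_REPO = {"name": "tgbot-framework", "created_at": iso(NOW - timedelta(days=3 * 365)),
              "stargazers_count": 1240}
CLEAN_COMMITS = []
_t = NOW - timedelta(days=3 * 365)
for _i in range(40):
    _t += timedelta(hours=(_i % 7 + 1) * 9)        # irregular, multi-hour gaps
    CLEAN_COMMITS.append({"ts": iso(_t),
                          "files": [["src/bot.py"], ["tests/test_bot.py"], ["README.md"],
                                    ["src/handlers.py"]][_i % 4]})

if __name__ == "__main__":
    for label, repo, owner, commits in (("suspicious", SUSPICIOUS_REPO, SUSPICIOUS_OWNER, SUSPICIOUS_COMMITS),
                                        ("clean", CLEAN_REPO, CLEAN_OWNER, CLEAN_COMMITS)):
        print(label, vet_repository(repo, owner, commits) or ["no findings"])
```

A real run would feed the script the JSON from the <code>/repos/{owner}/{repo}</code>, <code>/users/{owner}</code> and <code>/repos/{owner}/{repo}/commits</code> endpoints (the per-commit file list requires fetching each commit individually). None of the heuristics proves anything on its own: a young account with a single star is also what every honest new project looks like, so treat the findings as reasons to read the code before using it, not as a verdict.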