• About
  • Advertise
  • Careers
  • Contact
Saturday, March 25, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Fake Kodi Repos ‘Hijack’ Original GitHub Accounts To Push Updates

by Cyber360 News
November 11, 2019
in Security
0
Fake Kodi Repos ‘Hijack’ Original GitHub Accounts To Push Updates
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Developers of Kodi add-ons usually host their tools on GitHub. While the popular code repository platform is perfect for development, it has one loophole which has been exploited for quite some time.

When users sign up on GitHub, they’re allocated a unique URL. However, when developers delete their account, their namespace can be used by anyone leading to the generation of the same URL which allows fake Kodi-addons to pull updates that weren’t provided by the original developer.

jamf now

It’s not the first occurrence of this issue, as famous Kodi add-on developer MetalKettle highlighted it years ago. After he deleted his GitHub repo, a third-party signed up on the platform with the same username to obtain the same URL.

This means that the third-party can push updates to users who were using MetalKettle add-ons in their Kodi setup. It is quite dangerous because a previously-trusted URL could easily be replaced by a potentially malicious third-party.

Recently, another such ‘hijacking’ of accounts took place when the popular ’13Clowns’ repo was deleted by its developer. The namespace was quickly taken over by a third party with the same name and, of course, the same URL.

The following images show the difference between the original repo (first) and imposter repo (second).

So, the imposter ’13Clowns’ began sending updates to former users of the original repo. The new updates included a fork of the Exodus add-on along with tools from TVAddons — a controversial Canada-based Kodi add-on indexing site.

jamf now

In response, GitHub says that its namespace retirement policy can deal with this type of abuse by taking steps against such repos which violate and exploit this loophole.

Meanwhile, developers can protect their repos by not deleting their GitHub accounts and remain in charge of their own repos.

Also Read: How To Fix Kodi Not Working Issues? 5 Troubleshooting Tips
Cyber360 News

Cyber360 News

Next Post
The Pirate Bay Users Targeted By Russian Doll ‘PirateMatryoshka’ Malware

The Pirate Bay Users Targeted By Russian Doll ‘PirateMatryoshka’ Malware

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In