Twitter user @ Stephen Lacy found that there are large-scale malicious attacks of confusion on GitHub. At present, there are more than 35000 malicious files/clone repositories on GitHub, including well-known projects such as crypto, golang, python, js, bash, docker, and k8s. These malicious files/clone repositories will be accompanied by a line of malicious code: hxxp://ovz1.j19544519.pr46m.vps.myjino [.] ru It not only discloses the user's environment variables, but also contains a one-way backdoor that will send the entire ENV, such as scripts, applications, laptops (electronic applications), to the attacker's server