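Key summary
Mainly FINGU-GRINDA (15) / jodal-eval-ai (5) / Solab-Grinda (2). These are the obfuscated-js / folderOpen-binary-exec / allowAutomaticTasks patterns caught by the custom Semgrep Shai-Hulud rule.
Already cleaned up in a separate cleanup commit after the merge. However, the commit objects are retained permanently on GitHub, so checking out a past point in history can reactivate the malware. The suspicious commit author needs to be traced.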
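Distribution of detected patterns
- `global['!']=...`: Mini Shai-Hulud payload entry marker. Signature of the actual obfuscated malware code.
- `node ./*.woff2`: runs a font file with node. folderOpen trigger + hide:true.
- `"task.allowAutomaticTasks": true`: the switch that enables automatic task execution.
- `preinstall: bun run ...`: bypasses static analysis by using the Bun runtime.
Affected repositories by organization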
FINGU-GRINDA: 15 currently infected · 53 cleanup complete · 68 total affected

| Repo | Status | CRIT | Patterns | Sample paths |
|---|---|---|---|---|
| paperclip | CURRENTLY INFECTED | 3 | vscode-allow-automatic-tasks, vscode-folderopen-binary-exec | FINGU-GRINDA_paperclip/.vscode/settings.json:5, FINGU-GRINDA_paperclip/.vscode/tasks.json:16, FINGU-GRINDA_paperclip/.vscode/tasks.json:16 |
| rinda-globe-dashboard | CURRENTLY INFECTED | 3 | vscode-allow-automatic-tasks, vscode-folderopen-binary-exec | FINGU-GRINDA_rinda-globe-dashboard/.vscode/settings.json:5, FINGU-GRINDA_rinda-globe-dashboard/.vscode/tasks.json:16, FINGU-GRINDA_rinda-globe-dashboard/.vscode/tasks.json:16 |
| RINDA-eXpert | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_RINDA-eXpert/postcss.config.js:6 |
| ai-viral-video | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_ai-viral-video/frontend/postcss.config.js:6 |
| bolt-lbm-autopilot | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_bolt-lbm-autopilot/tailwind.config.js:12 |
| eodisalji-mobile-ui | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_eodisalji-mobile-ui/tailwind.config.js:59 |
| gemini-fullstack-langgraph-quickstart | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_gemini-fullstack-langgraph-quickstart/frontend/eslint.config.js:31 |
| keyword-ga-in | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_keyword-ga-in/frontend/tailwind.config.js:28 |
| korean-lead-manager | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_korean-lead-manager/client/postcss.config.js:6 |
| lead-hunter | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_lead-hunter/frontend/postcss.config.js:6 |
| lead-hunter2 | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_lead-hunter2/frontend/postcss.config.js:6 |
| mm-rag-openai | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_mm-rag-openai/frontend/postcss.config.js:6 |
| ocr-colpali-modal | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_ocr-colpali-modal/no-ocr-ui/tailwind.config.js:22 |
| rinda-growth-copilot | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_rinda-growth-copilot/postcss.config.js:6 |
| statistic | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | FINGU-GRINDA_statistic/eslint.config.js:26 |
| EmailScraperPro | CLEANED (history) | 0 | history-only | (default branch clean) |
| Excel-VLM-Query | CLEANED (history) | 0 | history-only | (default branch clean) |
| LongToShorts | CLEANED (history) | 0 | history-only | (default branch clean) |
| Manufacture-Excel-RAG-v2 | CLEANED (history) | 0 | history-only | (default branch clean) |
| Manufacture-Excel-RAG | CLEANED (history) | 0 | history-only | (default branch clean) |
| Rag-agent-streamlit-demo | CLEANED (history) | 0 | history-only | (default branch clean) |
| Served-Models | CLEANED (history) | 0 | history-only | (default branch clean) |
| agents_interface | CLEANED (history) | 0 | history-only | (default branch clean) |
| ai-shorts-generator-hanwool | CLEANED (history) | 0 | history-only | (default branch clean) |
| analytics-reporting-automation | CLEANED (history) | 0 | history-only | (default branch clean) |
| b2b-lead-finder | CLEANED (history) | 0 | history-only | (default branch clean) |
| bnk-demo-app | CLEANED (history) | 0 | history-only | (default branch clean) |
| bnk-translation-finetuning | CLEANED (history) | 0 | history-only | (default branch clean) |
| bnk_10k_rag_agent | CLEANED (history) | 0 | history-only | (default branch clean) |
| c-out-scraper | CLEANED (history) | 0 | history-only | (default branch clean) |
| cold-email-orchestrator | CLEANED (history) | 0 | history-only | (default branch clean) |
| cpp-aws-db-actions | CLEANED (history) | 0 | history-only | (default branch clean) |
| demo-jd-pdf-llm | CLEANED (history) | 0 | history-only | (default branch clean) |
| dir-to-db | CLEANED (history) | 0 | history-only | (default branch clean) |
| excel-agent | CLEANED (history) | 0 | history-only | (default branch clean) |
| fingu-tips-rnd-evaluation | CLEANED (history) | 0 | history-only | (default branch clean) |
| gen-doc-demo | CLEANED (history) | 0 | history-only | (default branch clean) |
| getxapi-cli | CLEANED (history) | 0 | history-only | (default branch clean) |
| gold-app | CLEANED (history) | 0 | history-only | (default branch clean) |
| grinda-mcp | CLEANED (history) | 0 | history-only | (default branch clean) |
| gtm-db-automation | CLEANED (history) | 0 | history-only | (default branch clean) |
| hanalang-react-csr | CLEANED (history) | 0 | history-only | (default branch clean) |
| kabu-meister-backend | CLEANED (history) | 0 | history-only | (default branch clean) |
| kabutan-scraper | CLEANED (history) | 0 | history-only | (default branch clean) |
| kabutan-search | CLEANED (history) | 0 | history-only | (default branch clean) |
| kauka-landing-page | CLEANED (history) | 0 | history-only | (default branch clean) |
| korean-ocr-pipeline | CLEANED (history) | 0 | history-only | (default branch clean) |
| leads-db-proxy | CLEANED (history) | 0 | history-only | (default branch clean) |
| lobe-chat | CLEANED (history) | 0 | history-only | (default branch clean) |
| mm-rag-search | CLEANED (history) | 0 | history-only | (default branch clean) |
| model-deployment | CLEANED (history) | 0 | history-only | (default branch clean) |
| moltbot-sandbox | CLEANED (history) | 0 | history-only | (default branch clean) |
| moltbot-sandbox2 | CLEANED (history) | 0 | history-only | (default branch clean) |
| opportunity-dashboard | CLEANED (history) | 0 | history-only | (default branch clean) |
| paddle-table-pipeline | CLEANED (history) | 0 | history-only | (default branch clean) |
| paperclip2 | CLEANED (history) | 0 | history-only | (default branch clean) |
| paperclip3 | CLEANED (history) | 0 | history-only | (default branch clean) |
| primegate_research | CLEANED (history) | 0 | history-only | (default branch clean) |
| rag-excel-cloud | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-claude-agent-monitor | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-email-extension | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-i18n-tools | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-mcp-enrichment | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-mobile-expo-app | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-paperclip | CLEANED (history) | 0 | history-only | (default branch clean) |
| rinda-promotion-landing | CLEANED (history) | 0 | history-only | (default branch clean) |
| rtt_small_model_fine_tuning | CLEANED (history) | 0 | history-only | (default branch clean) |
| scraper-server | CLEANED (history) | 0 | history-only | (default branch clean) |
jodal-eval-ai: 5 currently infected · 0 cleanup complete · 5 total affected

| Repo | Status | CRIT | Patterns | Sample paths |
|---|---|---|---|---|
| hwp-parser-lib | CURRENTLY INFECTED | 4 | obfuscated-js-global-bang, vscode-allow-automatic-tasks, vscode-folderopen-binary-exec | jodal-eval-ai_hwp-parser-lib/.vscode/settings.json:5, jodal-eval-ai_hwp-parser-lib/.vscode/tasks.json:16, jodal-eval-ai_hwp-parser-lib/.vscode/tasks.json:16 |
| jobaksa_ai | CURRENTLY INFECTED | 4 | obfuscated-js-global-bang, vscode-allow-automatic-tasks, vscode-folderopen-binary-exec | jodal-eval-ai_jobaksa_ai/.vscode/settings.json:5, jodal-eval-ai_jobaksa_ai/.vscode/tasks.json:16, jodal-eval-ai_jobaksa_ai/.vscode/tasks.json:16 |
| jodal-hwp-parser | CURRENTLY INFECTED | 4 | obfuscated-js-global-bang, vscode-allow-automatic-tasks, vscode-folderopen-binary-exec | jodal-eval-ai_jodal-hwp-parser/.vscode/settings.json:5, jodal-eval-ai_jodal-hwp-parser/.vscode/tasks.json:16, jodal-eval-ai_jodal-hwp-parser/.vscode/tasks.json:16 |
| pps-mono-repo | CURRENTLY INFECTED | 2 | obfuscated-js-global-bang | jodal-eval-ai_pps-mono-repo/apps/eval-system/frontend/postcss.config.mjs:11, jodal-eval-ai_pps-mono-repo/apps/rfp-gen/frontend/postcss.config.mjs:11 |
| jodal-rfp-review-ai | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | jodal-eval-ai_jodal-rfp-review-ai/postcss.config.mjs:10 |
Solab-Grinda: 2 currently infected · 0 cleanup complete · 2 total affected

| Repo | Status | CRIT | Patterns | Sample paths |
|---|---|---|---|---|
| rag-chatbot | CURRENTLY INFECTED | 4 | obfuscated-js-global-bang, vscode-allow-automatic-tasks, vscode-folderopen-binary-exec | Solab-Grinda_rag-chatbot/.vscode/settings.json:5, Solab-Grinda_rag-chatbot/.vscode/tasks.json:16, Solab-Grinda_rag-chatbot/.vscode/tasks.json:16 |
| next-meister | CURRENTLY INFECTED | 1 | obfuscated-js-global-bang | Solab-Grinda_next-meister/postcss.config.mjs:12 |
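Recommended actions
Follow the fingu-tips PR #65 pattern as-is: create and merge a PR that deletes .vscode/ and public/fonts/ (or wherever the payload is located) wholesale. After the merge, every developer must run git pull --ff-only.
The default branch is already clean, but the commit objects are retained permanently. Trace the suspicious commit author (e.g. sourcehatchery@gmail.com), and grep for git ref dependencies elsewhere that trust the affected commit SHAs. Consider removing the traces with git filter-repo or git replace (note that all forks must then be synchronized).
Enforce the GH Action from the top-ranked recommendation in the OSS tool decision matrix (Semgrep + Gitleaks + Trivy + Zizmor) as an org-level required workflow, so that the same patterns are blocked automatically at the PR stage.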