
Evil Merge: The Git Attack That Hid Malware in Plain Sight for 3.5 Months
A few months ago I was doing a routine check on a codebase I work on and found obfuscated code in a Vite config file. It was sitting right there in vite.config.js, on the same line as the closing };, but pushed hundreds of characters to the right — way past anything you'd ever see in a diff or an editor without horizontal scrolling.

When I traced it back through git log, the commit that introduced it was a merge. Not a regular commit on a feature branch — a merge commit. And that's when things got weird.

The merge that shouldn't have changed anything

The merge had two parents. I checked the file in both parents — identical. Same content, same MD5 hash:

Parent 1: aa82acb0c335430d8300b6cb306dc824
Parent 2: aa82acb0c335430d8300b6cb306dc824
Merge: 2a54754defae4d13aab39f256738dbbf

If you know how git merge works, you know this shouldn't happen. When both sides have the same file, git just takes it as-is. There's nothing to merge. The only way to get a different result is to open the file
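The parent-versus-merge comparison described above can be run across a whole repository. The script below is an added example, not code from the original post: it lists every merge commit and flags files whose blob in the merge differs even though all parents agree on that file. The function names (`ls_tree`, `unexplained_changes`, `scan`) are hypothetical, and it assumes `git` is on the PATH.

```python
import subprocess
import sys

def git(repo, *args):
    """Run a git command in `repo` and return its stdout as text."""
    return subprocess.run(["git", "-C", repo, *args], check=True,
                          capture_output=True, text=True).stdout

def ls_tree(repo, rev):
    """Map every path in commit `rev` to its blob id."""
    tree = {}
    for entry in git(repo, "ls-tree", "-r", "-z", rev).split("\0"):
        if entry:
            meta, path = entry.split("\t", 1)  # "<mode> <type> <id>\t<path>"
            tree[path] = meta.split()[2]
    return tree

def unexplained_changes(parent_trees, merge_tree):
    """Paths where all parents agree but the merge result differs.

    When every parent holds the same blob (or none has the file), git has
    nothing to merge, so a different blob in the merge commit was put there
    by hand or by a tool.
    """
    paths = set(merge_tree).union(*parent_trees)
    flagged = []
    for path in sorted(paths):
        parent_blobs = {t.get(path) for t in parent_trees}
        if len(parent_blobs) == 1 and merge_tree.get(path) not in parent_blobs:
            flagged.append(path)
    return flagged

def scan(repo="."):
    """Yield (merge_commit, [paths]) for every suspicious merge in `repo`."""
    merges = git(repo, "rev-list", "--merges", "--parents", "--all")
    for line in merges.splitlines():
        merge, *parents = line.split()
        hits = unexplained_changes([ls_tree(repo, p) for p in parents],
                                   ls_tree(repo, merge))
        if hits:
            yield merge, hits

if __name__ == "__main__":
    for commit, paths in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(commit, *paths, sep="\n  ")
```

A hit is a review candidate rather than proof of tampering: a merge that deliberately touches an unconflicted file, such as a regenerated lockfile, is reported the same way.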



