![Backdoored developer tool that stole credentials escaped notice for 3 months](https://whowillcare.net/wp-content/uploads/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months.jpg)
Enlarge (credit: Getty Images)
A pile of AWS and other cloud credentials
The Codecov bash uploader performs what is known as code coverage for large-scale software development projects. It allows developers to send coverage reports that, among other things, determine how much of a codebase has been tested by internal test scripts. Some development projects integrate Codecov and similar third-party services into their platforms, where there is free access to sensitive credentials that can be used to steal or modify source code.
Read 19 remaining paragraphs | Comments