Malware-laced GitHub repositories using popular names and topics are being advanced by threat actors through automated updates and fraudulent stars meant to manipulate the leading software developer platform’s search rankings as part of a new open-source supply chain attack, The Hacker News reports. Attackers have disguised most of the malicious repositories as projects related to tools, video games, and cheats, some of which triggered an encrypted file with an enlarged executable aimed at deploying malware akin to the Keyzetsu clipper while bypassing antivirus detection, according to a report from Checkmarx.

Source: SC Magazine