GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

McAfee cybersecurity researchers have discovered a malicious scheme exploiting GitHub’s comment section, where threat actors host malware and disguise download links as legitimate Microsoft repositories.  This incident reminds me of a similar event that occurred in June 2027, during which Russian hackers exploited the comment section of Britney Spears’ Instagram profile to host malware. According to McAfee, cybercriminals have been exploiting GitHub’s file upload logic since February 2024 to host and distribute malware through automatically generated download links containing the repository owner’s name and ownership details.

Source: HackRead

 


Date:

Categorie(s):