Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Bleeping Computer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust ...
TechRadar

This new phishing strategy utilizes GitHub comments to distribute malware

Github repositories are being infected with malware Trusted repositories can bypass secure web gateways Github comments are also being used to hide malicious files In a new phishing campaign detected ...
Dark Reading

Hackers Hide Remcos RAT in GitHub Repository Comments

Trusted and widely used software development and collaboration platforms like GitHub and GitLab have become both targets of and vehicles for a growing range of malicious activity. The latest ...