GitHub comments used to distribute malware (BleepingComputer)

source link: https://lwn.net/Articles/971008/
[Posted April 24, 2024 by daroc]

BleepingComputer reported on April 20 that some malware was being distributed via GitHub. Uploading files as part of a comment gives them a URL that appears to be associated with a repository, even if the comment is never posted.

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy.

While most of the malware activity has been based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.
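For defenders, the practical consequence is that a repository name in a GitHub URL does not show that the file belongs to that repository. The following added example (not from LWN or BleepingComputer) separates comment-attachment URLs from release and source URLs in proxy logs. The `/<owner>/<repo>/files/<numeric id>/<name>` path shape, the extension list, and the constructed sample log lines are assumptions that the page does not state.

```python
import re
from urllib.parse import urlsplit

# Assumed path shape of a comment attachment (not stated on the page):
#   /<owner>/<repo>/files/<numeric id>/<file name>
ATTACHMENT = re.compile(r"^/([^/]+)/([^/]+)/files/(\d+)/([^/]+)$")
# Paths that point at content the repository's maintainers publish.
REPO_CONTENT = re.compile(r"^/[^/]+/[^/]+/(releases/download|archive|raw|blob)/")
# Illustrative list of file types worth a closer look.
RISKY_EXT = (".zip", ".7z", ".rar", ".exe", ".msi", ".iso", ".lnk", ".js")

def classify(url):
    """Say what kind of GitHub URL this is, judged by host and path only."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if host not in ("github.com", "www.github.com"):
        return {"kind": "other"}
    m = ATTACHMENT.match(parts.path)
    if m:
        owner, repo, _file_id, name = m.groups()
        return {"kind": "comment-attachment",
                "repo": f"{owner}/{repo}",
                "file": name,
                "risky_ext": name.lower().endswith(RISKY_EXT)}
    if REPO_CONTENT.match(parts.path):
        return {"kind": "repo-content"}
    return {"kind": "github-other"}

def flag(log_lines):
    """Return (url, info) for every comment-attachment URL in the log lines."""
    hits = []
    for line in log_lines:
        for token in line.split():
            if token.startswith(("http://", "https://")):
                info = classify(token)
                if info["kind"] == "comment-attachment":
                    hits.append((token, info))
    return hits

# Constructed proxy-log lines; owner, repository and file names are placeholders.
SAMPLE_LOG = [
    "2024-04-22T10:01:02Z 10.0.0.5 GET https://github.com/example-org/example-repo/files/1234567/tool-setup.zip 200",
    "2024-04-22T10:01:09Z 10.0.0.5 GET https://github.com/example-org/example-repo/releases/download/v1.0/tool.zip 200",
    "2024-04-22T10:02:30Z 10.0.0.8 GET https://github.com/example-org/example-repo/files/7654321/notes.txt 200",
    "2024-04-22T10:03:11Z 10.0.0.9 GET https://example.com/files/1/x.zip 200",
]

if __name__ == "__main__":
    for url, info in flag(SAMPLE_LOG):
        print(info["repo"], info["file"], "risky" if info["risky_ext"] else "review", url)
```

A hit means only that the file was uploaded through a comment box by some GitHub user, so it should be triaged like a download from an unknown source.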


Copyright © 2024, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.