Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...
Bleeping Computer

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
heise online

Malicious code in 200 GitHub repositories steals almost 500,000 euros

Security firm Kaspersky has warned of a new attack on GitHub repositories in which the attackers offer harmless fake software that steals bank details and Bitcoin wallets. The campaign, dubbed ...