Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

2024-04-10 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
News URL
https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
Related news
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
- GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
- 200-plus impressively convincing GitHub repos are serving up malware
- Hundreds of GitHub repos served up malware for years
- Microsoft admits GitHub hosted malware that infected almost a million devices
- Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
- New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth