Security News > 2024 > April > Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
2024-04-10 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
News URL
https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
Related news
- ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams (source)
- Crypto Developers Targeted by Python Malware Disguised as Coding Challenges (source)
- Linux wiper malware hidden in malicious Go modules on GitHub (source)
- GitHub becomes go-to platform for malware delivery across Europe (source)
- More than a hundred backdoored malware repos traced to single GitHub user (source)