Security News > 2024 > April > Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
2024-04-10 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
News URL
https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
Related news
- New PondRAT Malware Hidden in Python Packages Targets Software Developers (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers (source)
- SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- GoIssue phishing tool targets GitHub developer credentials (source)