Security News > 2024 > April > Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware
2024-04-10 12:38
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,
News URL
https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
Related news
- Google's new AI search results promotes sites pushing malware, scams (source)
- Google Sues App Developers Over Fake Crypto Investment App Scam (source)
- Malicious Visual Studio projects on GitHub push Keyzetsu malware (source)
- GitHub comments abused to push malware via Microsoft repo URLs (source)
- GitLab affected by GitHub-style CDN flaw allowing malware hosting (source)
- Using Legitimate GitHub URLs for Malware (source)
- Bogus npm Packages Used to Trick Software Developers into Installing Malware (source)