Security News > 2024 > April > GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy.
While most of the malware-associated activity was based around the Microsoft GitHub URLs, this "Flaw" could be abused with any public repository on GitHub or GitLab, allowing threat actors to create very convincing lures.
On Saturday, BleepingComputer reported how threat actors have been abusing GitHub comments to push malware while making it seem like the malicious files were hosted on official source code repos of credible organizations.
Since virtually every software company uses GitHub or GitLab, this flaw enable allow threat actors to develop extraordinarily crafty and trustworthy lures.
GitHub comments abused to push malware via Microsoft repo URLs.
Malicious Visual Studio projects on GitHub push Keyzetsu malware.