Security News > 2024 > August > GitHub comments abused to push password stealing malware masked as fixes

GitHub comments abused to push password stealing malware masked as fixes

2024-08-31 15:21

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. [...]

News URL

https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-password-stealing-malware-masked-as-fixes/

#github #malware

Related news

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (source)
200-plus impressively convincing GitHub repos are serving up malware (source)
Hundreds of GitHub repos served up malware for years (source)
Microsoft admits GitHub hosted malware that infected almost a million devices (source)
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Github		13	2	47	29	19	97

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.