Wired

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

A secretive network of around 3,000 “ghost” accounts on GitHub has quietly been manipulating pages on the code-hosting website to promote malware and phishing links, according to new research seen by ...
Bleeping Computer

Hackers can use GitHub Codespaces to host and deliver malware

Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts. GitHub Codespaces allows developers to ...
Ars Technica

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to ...
CSOonline

How attackers might use GitHub Codespaces to hide malware delivery

A feature that allows developers to make applications accessible by a public GitHub URL could enable attackers to deliver malware and avoid detection. Attackers could start abusing GitHub Codespaces, ...
TechRadar

Dangerous WebRAT malware now being spread by GitHub repositories

Kaspersky finds 15 malicious GitHub repositories posing as proof‑of‑concept exploits, some crafted with Gen AI Victims receive a ZIP with decoys and a dropper (rasmanesc.exe) that installs WebRAT ...
CoinTelegraph

How cybercriminals use YouTube and GitHub to spread crypto malware

In the ever-evolving landscape of cyber threats, two platforms traditionally viewed as safe spaces for content creation, learning and open-source collaboration have become targets for distributing ...
Hosted on MSN

Microsoft admits GitHub hosted malware that infected almost a million devices

Infosec in Brief Microsoft has spotted a malvertising campaign that downloaded nastyware hosted on GitHub and exposed nearly a million devices to information thieves.… Discovered by Microsoft Threat ...
Infosecurity-magazine.com

Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs

A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered by cybersecurity researchers. The operation, tied to the group known as ...
TechSpot

BlackLotus UEFI malware source code has leaked on GitHub

WTF?! BlackLotus was first discovered in October 2022, and it has since been described as one of the most complex annd dangerous threats against the secure Windows boot process. The bootkit will ...
Crowdfund Insider

Kaspersky Exposes Malware on GitHub Stealing User Data and Bitcoin

Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers and crypto investors within a new campaign that was dubbed ...
CoinTelegraph

Hackers are making fake GitHub projects to steal crypto: Kaspersky

Kaspersky found that at least one victim lost 5 Bitcoin, worth around $442,000, to a malware-riddled fake project in November. Hackers are creating hundreds of fake GitHub projects aiming to dupe ...