GitHub comments used to distribute malware (BleepingComputer)

by
daroc
from LWN.net on (#6MABG)

BleepingComputerreported on April 20 that some malware was being distributed via GitHub.Uploading files as part of a comment gives them a URL that appears to beassociated with a repository, even if the comment is never posted.

A GitHub flaw, or possibly a design decision, is being abused by threat actorsto distribute malware using URLs associated with Microsoft repositories, makingthe files appear trustworthy.

While most of the malware activity has been based around the Microsoft GitHubURLs, this "flaw" could be abused with any public repository on GitHub, allowingthreat actors to create very convincing lures.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments