GitHub Flaw Abused to Spread Malware via Microsoft Repo Links
April 20, 2024
Threat actors are exploiting a vulnerability in GitHub's file upload feature to distribute malware.
Malicious files are uploaded as comments on projects, creating download links that mimic legitimacy.
These files are hosted on GitHub's CDN, with the URLs remaining active indefinitely.
Attackers have attached malware to public repositories, including those of Microsoft, to create convincing lures.
A specific instance involves a Lua malware loader, presented as cheat software, still active through Microsoft's repository URLs.
GitHub and Microsoft have been informed of the exploit but have not yet issued a response.
The exploit has been used in additional campaigns like the distribution of SmartLoader malware.
Despite recognition of the issue, the distribution of malware through this method persists.
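For defenders reviewing proxy or download logs, the following added example (not from the source article or from GitHub) separates comment-attachment links from release assets so that a trusted repository name in the URL is not taken as proof of origin. The two URL path layouts, the extension list, and all sample URLs are assumptions constructed for illustration; the page itself does not give the URL format.

```python
import re
from urllib.parse import urlsplit

# Assumed path layouts (not stated on this page):
#   comment attachment: /<owner>/<repo>/files/<numeric id>/<file name>
#   release asset:      /<owner>/<repo>/releases/download/<tag>/<file name>
GITHUB_HOSTS = ("github.com", "www.github.com")
ATTACHMENT = re.compile(r"^/([^/]+)/([^/]+)/files/(\d+)/([^/]+)$")
RELEASE = re.compile(r"^/([^/]+)/([^/]+)/releases/download/[^/]+/([^/]+)$")
# Hypothetical list of file types worth a second look when downloaded.
RISKY_EXT = (".zip", ".7z", ".rar", ".iso", ".exe", ".msi", ".bat", ".lua")


def classify(url):
    """Return (kind, 'owner/repo' or None, file name or None)."""
    parts = urlsplit(url)
    # Exact host match, so look-alike hosts are not treated as GitHub.
    if (parts.hostname or "").lower() not in GITHUB_HOSTS:
        return ("other", None, None)
    m = ATTACHMENT.match(parts.path)
    if m:
        return ("comment_attachment", f"{m[1]}/{m[2]}", m[4])
    m = RELEASE.match(parts.path)
    if m:
        return ("release_asset", f"{m[1]}/{m[2]}", m[3])
    return ("other", None, None)


def flag(urls):
    """List downloads that carry a repo's name but came from a comment upload."""
    hits = []
    for url in urls:
        kind, repo, name = classify(url)
        if kind == "comment_attachment" and name.lower().endswith(RISKY_EXT):
            hits.append((repo, name, url))
    return hits


# Constructed sample URLs (example-org/example-repo is a placeholder).
SAMPLE = [
    "https://github.com/example-org/example-repo/files/12345678/Tool.Setup.1.0.zip",
    "https://github.com/example-org/example-repo/releases/download/v1.0/tool-1.0.zip",
    "https://github.com/example-org/example-repo/files/12345679/build-log.txt",
    "https://github.com.lookalike.example/example-org/example-repo/files/1/x.zip",
]

if __name__ == "__main__":
    for repo, name, url in flag(SAMPLE):
        print(f"review: {name} uses the {repo} path but is a comment upload: {url}")
```

A hit means only that the file was uploaded by some GitHub user through a comment box, not published by the repository's maintainers, so it should be triaged like any other untrusted download.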
Summary based on 1 source
Source

BleepingComputer • Apr 20, 2024
GitHub comments abused to push malware via Microsoft repo URLs