Threat actors are exploiting a vulnerability in GitHub's file upload feature to distribute malware.

Malicious files are uploaded as comments on projects, creating download links that mimic legitimacy.

These files are hosted on GitHub's CDN, with the URLs remaining active indefinitely.

Attackers have attached malware to public repositories, including those of Microsoft, to create convincing lures.

A specific instance involves a LUA malware loader, presented as cheat software, still active through Microsoft's repository URLs.

GitHub and Microsoft have been informed of the exploit but have not yet issued a response.

The exploit has been used in additional campaigns like the distribution of SmartLoader malware.

Despite recognition of the issue, the distribution of malware through this method persists.