GitHub Flaw Abused to Spread Malware via Microsoft Repo Links

April 21, 2024
  • Threat actors are exploiting a vulnerability in GitHub's file upload feature to distribute malware.

  • Malicious files are uploaded as comments on projects, creating download links that mimic legitimacy.

  • These files are hosted on GitHub's CDN, with the URLs remaining active indefinitely.

  • Attackers have attached malware to public repositories, including those of Microsoft, to create convincing lures.

  • A specific instance involves a Lua malware loader, presented as cheat software, that is still active through Microsoft's repository URLs.

  • GitHub and Microsoft have been informed of the exploit but have not yet issued a response.

  • The exploit has been used in additional campaigns like the distribution of SmartLoader malware.

  • Despite recognition of the issue, the distribution of malware through this method persists.

Summary based on 1 source

