GitHub comments abused to push malware via Microsoft repo URLs

Threat actors are using a GitHub bug, or perhaps a design choice, to spread malware via URLs linked to a Microsoft repository, giving the files the appearance of being reliable.

Although most of the malware activity has centered on Microsoft GitHub URLs, threat actors could use this “flaw” with any public repository on GitHub to create very convincing lures.

A new Lua malware loader was discovered by McAfee yesterday. It was distributed through what looked to be an authentic Microsoft GitHub repository for vcpkg, the “C++ Library Manager for Windows, Linux, and MacOS.”

Although the malware installers’ URLs, which are displayed below, unmistakably point to the Microsoft repository, we were unable to locate any mention of the files in the project’s source code.
