Tag: Microsoft repo URLs

GitHub comments abused to push malware via Microsoft repo URLs
News

Threat actors are abusing a GitHub bug, or perhaps a design choice, to spread malware via URLs tied to a Microsoft repository, which makes the files appear trustworthy. Although most of the malware activity has centered on Microsoft GitHub URLs, threat actors could use this "flaw" with any public repository on GitHub to create very convincing lures. McAfee discovered a new Lua malware loader yesterday, distributed through what looked like an authentic Microsoft GitHub repository for the "C++ Library Manager for Windows, Linux, and MacOS," known as vcpkg. Although the malware installers' URLs, which are displayed below, unmistakably point to the Microsoft repository, we were unable to locate any mention of the files in the project's source co...