Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware


Threat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware.
The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that’s designed to download next-stage payloads from a remote URL,

The post “Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)