GitHub abused to distribute payloads on behalf of malware-as-a-service
Researchers from Cisco's Talos security team discovered a malware-as-a-service operator using public GitHub accounts to distribute malicious software. The approach takes advantage of GitHub being a trusted platform that is often allowed in enterprise networks, which makes the malicious activity challenging to detect. Talos notified GitHub, which promptly removed the three accounts hosting the malware. Hosting malicious payloads on GitHub poses a challenge for organizations that rely on the platform for legitimate software development, because malicious downloads can easily blend in with regular web traffic.