On 23 March 2026, DataBreaches[.]Net reports that GitHub is slowly becoming a very dangerous website as more threat actors are using it to host and distribute malware disguised as legitimate software repositories. The piece notes that what started as an infrequent sighting in early 2024 is now at the centre of an increasing number of infosec and malware reports, according to Catalin Cimpanu.
The tactic described involves a threat actor taking a legitimate repository, adding malware to the files—typically an infostealer or a remote access trojan—and then re-uploading the booby-trapped repo to GitHub. The attacker then shares links online via social media or forums, or uses black-hat SEO or malvertising campaigns to lure users to the malicious GitHub repos. The article points readers to Risky Business for more details.