GitHub comments used to distribute malware (BleepingComputer)
Posted Apr 24, 2024 16:31 UTC (Wed) by josh (subscriber, #17465)
In reply to: GitHub comments used to distribute malware (BleepingComputer) by rrolls
Parent article: GitHub comments used to distribute malware (BleepingComputer)
This seems like the right answer, yeah.
This rhymes with a previous exploit of this type: if you made a PR against a repository, you could link to files via that repository and your commit hash, and they'd look like they were part of the repository. GitHub's fix was to show a banner saying they weren't part of the repository.
Posted Apr 25, 2024 15:42 UTC (Thu) by wtarreau (subscriber, #51152)
GitHub comments used to distribute malware (BleepingComputer)
