GitHub comments used to distribute malware (BleepingComputer)
Posted Apr 25, 2024 19:52 UTC (Thu) by srdjant (guest, #171146)
In reply to: GitHub comments used to distribute malware (BleepingComputer) by rrolls
Parent article: GitHub comments used to distribute malware (BleepingComputer)
What is interesting is that this is the same git repo that was mentioned in another LWN article's comments (https://lwn.net/Articles/967866/) regarding the actions of a specific user that was (probably innocently) suspected of being involved with the XZ attack, because of their actions (being pushy about updating a version to the vulnerable xz version) in an issue for that repo.
I would say it's probably just a random coincidence, but I am not surprised that devs and maintainers are now looking carefully at their own and other important projects for signs of attack (e.g. the ZSH Plugin Manager video from 8 days ago).
