🚨⚠️Alert #Github Users: Threat actors are exploiting a flaw in GitHub's file upload feature to distribute malware using URLs associated with legitimate repositories, such as those from Microsoft. These URLs appear trustworthy but lead to malicious files uploaded as comments on unrelated commits or issues. Even if the comment is not posted or deleted, the files remain accessible, posing a significant risk. While there's no easy fix, disabling comments temporarily may mitigate the threat.
For example, a threat actor could upload a malware executable in NVIDIA's driver installer repo that pretends to be a new driver fixing issues in a popular game. Or a threat actor could upload a file in a comment to the Google Chromium source code and pretend it's a new test version of the web browser.
Stay vigilant and report suspicious activity.
#Cybersecurity #GitHubFlaw #MalwareDistribution