At least half a dozen fake GitHub accounts from a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service.
The repositories, which are still available as of writing, claim to be proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange.
The cybersecurity firm said it first came across the rogue repositories in early May.
Similar repositories have previously come under the radar of North Korean nation-state groups, as revealed by Google in January 2021.If anything, the findings show the need for exercising caution when it comes to downloading code from open source repositories, the cybersecurity firm says.
It recommends that customers exercise caution when downloading code from open source repository.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply