"Threat Actors Manipulate GitHub Search to Deliver Malware"

Researchers at Checkmarx have observed threat actors manipulating GitHub search results to infect developers with persistent malware. As part of the campaign, the attackers created malicious repositories using popular names and topics, then boosted their search rankings using automated updates and fake stars. To avoid detection, the threat actors hid a malicious payload within Visual Studio project files. The payload results in the execution of malware similar to the "Keyzetsu clipper," which targets cryptocurrency wallets. This article continues to discuss the threat actors' manipulation of GitHub search results to infect developers with persistent malware.

SecurityWeek reports "Threat Actors Manipulate GitHub Search to Deliver Malware"
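A defender-side check for the hiding place described above, as an added example that is not from Checkmarx or SecurityWeek: it lists every command a Visual Studio project file would run at build time so it can be reviewed before building a cloned repository. The summary does not say which project-file elements carried the payload; the example assumes MSBuild's standard build-event elements and `Exec` task, and the keyword heuristics and sample project are constructed.

```python
import re
import xml.etree.ElementTree as ET

# MSBuild elements that hold shell commands run during a build.
EVENT_TAGS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Triage heuristics chosen for this example; not indicators from the report.
SUSPICIOUS = re.compile(
    r"powershell|cscript|wscript|certutil|bitsadmin|curl|base64|https?://", re.I)

def local(tag):
    """Drop the XML namespace that older project files put on every tag."""
    return tag.rsplit("}", 1)[-1]

def build_commands(project_xml):
    """Return (element name, command) pairs in document order."""
    found = []
    for el in ET.fromstring(project_xml).iter():
        name = local(el.tag)
        if name in EVENT_TAGS:
            # .csproj keeps the command as element text,
            # .vcxproj nests it in a child <Command> element.
            text = "".join(el.itertext()).strip()
            if text:
                found.append((name, text))
        elif name == "Exec" and el.get("Command"):
            found.append((name, el.get("Command").strip()))
    return found

def review(project_xml):
    """Add a flag to each command that matches the triage heuristics."""
    return [(n, c, bool(SUSPICIOUS.search(c))) for n, c in build_commands(project_xml)]

# Constructed sample mixing .csproj and .vcxproj styles; not from a real repository.
SAMPLE = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>powershell -WindowStyle Hidden -enc CONSTRUCTED_PLACEHOLDER</PreBuildEvent>
  </PropertyGroup>
  <ItemDefinitionGroup>
    <PostBuildEvent><Command>copy "$(TargetPath)" "$(SolutionDir)bin"</Command></PostBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Prep" BeforeTargets="Build">
    <Exec Command="echo building" />
  </Target>
</Project>"""

if __name__ == "__main__":
    for name, cmd, flagged in review(SAMPLE):
        print("REVIEW" if flagged else "ok    ", name, "->", cmd)
```

An unflagged command is still worth reading: the heuristics only order the review, they do not clear a project file.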

Submitted by grigby1

Submitted by Gregory Rigby on