"Clever 'GitHub Scanner' Campaign Abusing Repos to Push Malware"

A new phishing campaign is using GitHub repositories to spread the "Lumma Stealer" password-stealing malware to people who frequent, or receive email notifications from, an open source project repository. A malicious GitHub user opens a new "issue" on an open source repository, claims that the project has a "security vulnerability," and encourages others to visit a counterfeit "GitHub Scanner" domain. The domain is not associated with GitHub and lures users into installing Windows malware. When a threat actor files a new issue, users of and contributors to the repository receive email alerts about it from legitimate GitHub servers, which makes the campaign more convincing. This article continues to discuss findings regarding the malicious GitHub Scanner campaign.

BleepingComputer reports "Clever 'GitHub Scanner' Campaign Abusing Repos to Push Malware"

Submitted by grigby1

Submitted by Gregory Rigby on