GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories
Hackers abuse GitHub comments to make malicious files masquerade as Microsoft software downloads and trick users into downloading malware.
McAfee cybersecurity researchers have discovered a malicious program that exploits the comments section of GitHub, where threat actors upload malware and disguise it as part of a legitimate Microsoft repository.
This incident reminds me of a similar incident in June 2027, when Russian hackers used the comments on Britney Spears' Instagram profile to host malware.
According to McAfee, cybercriminals have been using GitHub’s file upload logic since February 2024 to host and distribute malware via automatically generated download links containing the repository owner’s name and ownership information.
The hosted archives contain password-stealing malware disguised as innocuous-looking files. Worse, the archives also included downloads designed to mimic official Microsoft software repository URLs.
GitHub’s comments feature stores attached files on its servers and makes them accessible through a link immediately. This can fool potential victims into thinking they’re clicking on a link from a trusted developer. The uploader does not even need to submit the comment or bug report, because the file is already uploaded and available.
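A defender-side check for the link pattern described above, as an added example that is not from McAfee or the original article: it separates comment-attachment download links from release assets and repository content, because only the latter two are published by someone with write access to the repository. The URL path layouts and the sample URLs (`example-org/example-repo`) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path layouts are assumptions about GitHub's URL scheme, not taken from the article.
# Files attached to issues, pull requests and comments (uploadable by any commenter):
_ATTACHMENT = re.compile(r"^/[^/]+/[^/]+/files/\d+/[^/]+$")
_USER_ATTACHMENT = re.compile(r"^/user-attachments/(?:files|assets)/.+$")
# Content published by accounts with write access to the repository:
_RELEASE = re.compile(r"^/[^/]+/[^/]+/releases/download/[^/]+/[^/]+$")
_REPO_CONTENT = re.compile(r"^/[^/]+/[^/]+/(?:raw|blob|archive)/.+$")


def classify_github_url(url):
    """Return where on GitHub a download link points, judged by host and path."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Exact host match, so lookalikes such as github.com.<other domain> are rejected.
    if parts.scheme != "https" or host not in ("github.com", "www.github.com"):
        return "not-github"
    path = parts.path
    if _ATTACHMENT.match(path) or _USER_ATTACHMENT.match(path):
        return "comment-attachment"
    if _RELEASE.match(path):
        return "release-asset"
    if _REPO_CONTENT.match(path):
        return "repo-content"
    return "other"


def flag_untrusted_downloads(urls):
    """Links whose owner/repo prefix says nothing about who uploaded the file."""
    return [u for u in urls if classify_github_url(u) in ("comment-attachment", "not-github")]


# Constructed sample links (for example from a proxy log or an e-mail body).
SAMPLE_URLS = [
    "https://github.com/example-org/example-repo/files/12345678/setup.zip",
    "https://github.com/example-org/example-repo/releases/download/v1.2.0/setup.zip",
    "https://github.com/example-org/example-repo/raw/main/tools/setup.zip",
    "https://github.com.downloads.example/example-org/example-repo/files/1/setup.zip",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify_github_url(url):20} {url}")
```
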