{"id":1374755,"date":"2024-04-23T00:38:40","date_gmt":"2024-04-22T21:38:40","guid":{"rendered":"https:\/\/windowsreport.com\/?p=1374755"},"modified":"2024-04-23T15:29:54","modified_gmt":"2024-04-23T12:29:54","slug":"hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls","status":"publish","type":"post","link":"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/","title":{"rendered":"\u00a0Hackers abused GitHub comments to push malware using Microsoft repo URLs"},"content":{"rendered":"\n<p>In recent developments, hackers have been using a GitHub flaw to distribute malware through URLs related to Microsoft repositories, which poses a serious risk to users.<\/p>\n\n\n\n<p>Although the abuse was first observed in Microsoft repositories, the exploit can affect any public repository on the platform, which highlights security concerns.<\/p>\n\n\n\n<p>McAfee recently revealed a new malware loader pushed through potentially legit Microsoft GitHub repositories, like the STL library and the C++ Library Manager for Windows, macOS, and Linux (vcpkg).<\/p>\n\n\n\n<p>The URLs for the malware installers look like they are related to Microsoft repositories. However, there is no reference to the files in the project&#8217;s source code, which is suspicious. Here are the URLs:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>https:&#047;&#047;github&#091;.]com\/microsoft\/vcpkg\/files\/14125503\/Cheat.Lab.2.7.2.zip\nhttps:\/\/github&#091;.]com\/microsoft\/STL\/files\/14432565\/Cheater.Pro.1.6.0.zip<\/code><\/pre>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-comments-abused-to-push-malware-via-microsoft-repo-urls\/#google_vignette\" target=\"_blank\" rel=\"noreferrer noopener\">Bleeping Computer<\/a> further investigated the issue and found that these files were not included in the official repositories but were uploaded as attachments to comments on issues or commits within the projects. 
<\/p>\n\n\n\n<p>GitHub lets users attach files to comments; these files are uploaded to GitHub&#8217;s Content Delivery Network (CDN) and associated with the respective project through unique URLs.<\/p>\n\n\n\n<p>Furthermore, even if the comment is never posted or is deleted after some time, these files are still accessible through the generated URLs.<\/p>\n\n\n\n<p>This flaw is concerning as it raises questions about the integrity of software distribution via GitHub. Hackers can easily upload malware disguised as legitimate files within comments on popular repositories.<\/p>\n\n\n\n<p>As these URLs carry the names of reputable repositories, users may not suspect them, which could lead to the widespread dissemination of malware across various industries and platforms.<\/p>\n\n\n\n<p>Despite the seriousness of the issue, GitHub does not have built-in settings to manage files added to projects, leaving companies on the platform vulnerable.<\/p>\n\n\n\n<p>Bleeping Computer has alerted Microsoft and GitHub about the flaw, but they have not responded yet. Although GitHub has removed the malware linked to Microsoft&#8217;s repositories, the malware related to Aimmy and httprouter is still there.<\/p>\n\n\n\n<p>If you wish to protect your reputation and don&#8217;t want your account and repositories to be abused, the only way is to disable comments on your project. However, according to the <a href=\"https:\/\/docs.github.com\/en\/communities\/moderating-comments-and-conversations\/limiting-interactions-in-your-repository\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub support document<\/a>, you can only disable comments for six months at a time.<\/p>\n\n\n\n<p>Also, not allowing users to comment on your project could badly affect its development, as users would be unable to report bugs or make suggestions.<\/p>\n\n\n\n<p>The incident is a reminder that the open source community and similar platforms should take proactive measures to protect their users from malicious activity. 
<\/p>\n\n\n\n<p>What do you think about the incident? Share your thoughts with our readers in the comments section below.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent developments, hackers have been using a GitHub flaw to distribute malware through URLs related to Microsoft repositories, which poses a serious risk to users. Although the abuse was first observed in Microsoft repositories, the exploit can affect any public repository on the platform, which highlights security concerns. McAfee recently revealed a new malware loader pushed [&hellip;]<\/p>\n","protected":false},"author":2253,"featured_media":1374767,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_enabled_clarity":"","ep_exclude_from_search":false,"footnotes":""},"categories":[4],"tags":[458240],"work":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v14.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u00a0Hackers abused GitHub comments to push malware using Microsoft repo URLs<\/title>\n<meta name=\"description\" content=\"Hackers are using a GitHub flaw to distribute malware through URLs related to Microsoft repositories, which poses a serious risk to users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u00a0Hackers abused GitHub comments to push malware using Microsoft repo URLs\" \/>\n<meta property=\"og:description\" content=\"Hackers are using a GitHub flaw to distribute malware through URLs related to Microsoft repositories, which poses a serious risk to users.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/\" \/>\n<meta property=\"og:site_name\" content=\"Windows Report\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/WindowsReport\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-22T21:38:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-23T12:29:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/windowsreport.com\/wp-content\/uploads\/2024\/04\/Github-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SrishtiSisodia\" \/>\n<meta name=\"twitter:site\" content=\"@WindowsRep\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/windowsreport.com\/#organization\",\"name\":\"WindowsReport\",\"url\":\"https:\/\/windowsreport.com\/\",\"sameAs\":[\"https:\/\/www.facebook.com\/WindowsReport\",\"https:\/\/www.instagram.com\/Windows.Report\/\",\"https:\/\/www.linkedin.com\/company\/windowsreport\/\",\"https:\/\/www.youtube.com\/channel\/UCvAaplMymP1PcGkp26qUXlA\",\"https:\/\/pinterest.com\/Windows_Report\/\",\"https:\/\/twitter.com\/WindowsRep\"],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/windowsreport.com\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/windowsreport.com\/wp-content\/uploads\/2020\/05\/windowsreport-logo-quantcast.png\",\"width\":170,\"height\":28,\"caption\":\"WindowsReport\"},\"image\":{\"@id\":\"https:\/\/windowsreport.com\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/windowsreport.com\/#website\",\"url\":\"https:\/\/windowsreport.com\/\",\"name\":\"Windows Report\",\"description\":\"Time-saving software and hardware expertise that 
helped 500MM+ PC users. Guiding you with how-to advice, news and tips to upgrade your tech life.\",\"publisher\":{\"@id\":\"https:\/\/windowsreport.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/windowsreport.com\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/windowsreport.com\/wp-content\/uploads\/2024\/04\/Github-1.png\",\"width\":1920,\"height\":1280,\"caption\":\"\\u00a0Hackers abused GitHub comments to push malware using Microsoft repo URLs\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#webpage\",\"url\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/\",\"name\":\"\\u00a0Hackers abused GitHub comments to push malware using Microsoft repo URLs\",\"isPartOf\":{\"@id\":\"https:\/\/windowsreport.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#primaryimage\"},\"datePublished\":\"2024-04-22T21:38:40+00:00\",\"dateModified\":\"2024-04-23T12:29:54+00:00\",\"description\":\"Hackers are using a GitHub flaw to distribute malware through URLs related to Microsoft repositories, which poses a serious risk to 
users.\",\"breadcrumb\":{\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/windowsreport.com\/category\/news\/\",\"url\":\"https:\/\/windowsreport.com\/category\/news\/\",\"name\":\"News\"}},{\"@type\":\"ListItem\",\"position\":2,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/\",\"url\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/\",\"name\":\"\\u00a0Hackers abused GitHub comments to push malware using Microsoft repo URLs\"}}]},{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#webpage\"},\"author\":{\"@id\":\"https:\/\/windowsreport.com\/#\/schema\/person\/6c79e8eae542e04c1fb2e162835efb79\"},\"headline\":\"\\u00a0Hackers abused GitHub comments to push malware using Microsoft repo 
URLs\",\"datePublished\":\"2024-04-22T21:38:40+00:00\",\"dateModified\":\"2024-04-23T12:29:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#webpage\"},\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/windowsreport.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#primaryimage\"},\"keywords\":\"Github\",\"articleSection\":\"News\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/windowsreport.com\/hackers-abused-github-comments-to-push-malware-using-microsoft-repo-urls\/#respond\"]}],\"copyrightYear\":\"2024\",\"copyrightHolder\":{\"@id\":\"https:\/\/windowsreport.com\/#organization\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/windowsreport.com\/#\/schema\/person\/6c79e8eae542e04c1fb2e162835efb79\",\"name\":\"Srishti Sisodia\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/windowsreport.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/windowsreport.com\/wp-content\/uploads\/2024\/01\/IMG_9270.jpg\",\"caption\":\"Srishti Sisodia\"},\"description\":\"Srishti Sisodia is an electronics engineer and writer with a passion for technology. She has extensive experience exploring the latest technological advancements and sharing her insights through informative blogs. Her diverse interests bring a unique perspective to her work, and she approaches everything with commitment, enthusiasm, and a willingness to learn. That's why she's part of Windows Report's Reviewers team, always willing to share the real-life experience with any software or hardware product. She's also specialized in Azure, cloud computing, and AI.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/srishti-sisodia-631116163\/\",\"https:\/\/twitter.com\/SrishtiSisodia\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","_links":{"self":[{"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/posts\/1374755"}],"collection":[{"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/users\/2253"}],"replies":[{"embeddable":true,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/comments?post=1374755"}],"version-history":[{"count":8,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/posts\/1374755\/revisions"}],"predecessor-version":[{"id":1374964,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/posts\/1374755\/revisions\/1374964"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/media\/1374767"}],"wp:attachment":[{"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/media?parent=1374755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/categories?post=1374755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/tags?post=1374755"},{"taxonomy":"work","embeddable":true,"href":"https:\/\/windowsreport.com\/wp-json\/wp\/v2\/work?post=1374755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}