GitHub Infected: Cybercriminals Leave 30,000 Malware-Laden Comments!

Cybercriminals are now using comments on GitHub projects to distribute the Lumma Stealer malware. Developers are tricked into downloading a password-protected archive, which hides the notorious malware capable of stealing sensitive information.

Hot Take:

Cybercriminals are now using GitHub comments to deliver malware? Guess they’re taking the concept of “code review” to a whole new level of sinister efficiency. It’s time to treat every comment like it’s a backstabbing frenemy.

Key Points:

  • Malware-laden comments are being left en masse on GitHub projects.
  • The comments often contain links to download the Lumma Stealer malware.
  • Lumma Stealer is capable of stealing a wide range of sensitive information, including credentials and cryptocurrency wallet data.
  • Security researchers recently identified Lumma Stealer being distributed through fake pirated movies.
  • Despite GitHub’s efforts to delete malicious comments, some developers have already fallen for these tricks.
