GitHub notification emails used to send malware


Malicious actors are abusing legitimate notification emails sent by GitHub to try to trick people into downloading malware.

Perhaps somebody has created a new issue on one of my repos, or replied to a comment I left, or opened a pull request, or perhaps the user is trying to impersonate GitHub security and trick me into downloading malware.

Captcha-gated sites are annoyingly common, thanks in part to services like Cloudflare, which offer automated challenges based on heuristics. Normally you'd be clicking on a never-ending slideshow of sidewalks or motorcycles as you definitely don't help train AI, but instead this site is asking you to take the very specific step of opening the Windows Run box and pasting in a command.
