Critical GitHub Vulnerability Exploited to Distribute Malware as Microsoft Downloads

A severe flaw in GitHub’s file upload system allows hackers to distribute malware under the guise of Microsoft, compromising user security.

According to reports published on April 23, the code hosting site GitHub has a serious vulnerability in its comment file upload system.

Attackers can exploit this vulnerability to distribute malware. Any user can upload a file to a comment on a chosen GitHub repository, and a download link is generated automatically as soon as the file is uploaded, even if the comment itself is never posted.

This link contains the name of the repository and its owner, which can trick victims into believing the file is legitimate.


For example, the URL of an uploaded file can suggest that it comes from Microsoft, even though the file is not part of the project's code and the project never references it.

We have attached two examples as follows:

- https//github[]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
- https//github[]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip

Moreover, exploiting the vulnerability requires no special technical skill: an attacker simply uploads a malicious file to a comment on the chosen repository.

Attackers can upload malware under any trusted repository and then distribute it through GitHub links. Because these links sit on GitHub's official domain and their path names "Microsoft" or another official repository, users are very likely to believe that the download is legitimate and safe.

GitHub has so far deleted some of the malware links but has not yet fixed the underlying vulnerability.

For repository owners there is currently no effective way to prevent this abuse; the only remedy is to disable comments entirely.
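As an added defender-side example (not code from the post), the following Python classifier refangs the two URLs quoted above, recognises the comment-attachment path shape they share, and flags such links whenever the owner segment names an organisation the reader trusts. The release-asset URL in the sample, and the `refang` helper, are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Comment attachment: github.com/<owner>/<repo>/files/<numeric id>/<filename>.
# The owner/repo segments only record which repository the comment targeted;
# no commit, review or maintainer action stands behind the file.
COMMENT_ATTACHMENT = re.compile(r"^/([^/]+)/([^/]+)/files/\d+/([^/]+)$")
# Release asset: only accounts with write access to the repository can publish these.
RELEASE_ASSET = re.compile(r"^/([^/]+)/([^/]+)/releases/download/[^/]+/([^/]+)$")

def refang(url: str) -> str:
    """Undo common defanging ('hxxps', '[.]', 'github[]com', missing colon)
    so URLs copied from reports can be parsed. Constructed helper."""
    u = url.replace("hxxp", "http").replace("[.]", ".").replace("[]", ".")
    return re.sub(r"^(https?)//", r"\1://", u)

def classify_github_link(url: str) -> dict:
    """Return the link kind, the owner/repo/file shown in its path, and whether
    that owner/repo actually controls what the link serves."""
    info = {"kind": "other", "owner": None, "repo": None, "filename": None,
            "maintainer_controlled": False}
    p = urlparse(refang(url))
    if p.netloc.lower() != "github.com":
        return info
    if m := COMMENT_ATTACHMENT.match(p.path):
        info.update(kind="comment_attachment")
    elif m := RELEASE_ASSET.match(p.path):
        info.update(kind="release_asset", maintainer_controlled=True)
    else:
        return info
    info["owner"], info["repo"], info["filename"] = m.groups()
    return info

def flag_lookalike_downloads(urls, trusted_owners):
    """Return (url, owner, filename) for links that borrow a trusted owner's
    name but serve an unreviewed comment attachment, the lookalike this abuse
    relies on. Release assets under the same owner are not flagged."""
    trusted = {o.lower() for o in trusted_owners}
    hits = []
    for u in urls:
        c = classify_github_link(u)
        if c["kind"] == "comment_attachment" and c["owner"].lower() in trusted:
            hits.append((u, c["owner"], c["filename"]))
    return hits

# Constructed sample: the two defanged URLs quoted in the post plus a release-asset
# URL of the shape an official download has (tag and file name are placeholders).
SAMPLE_URLS = [
    "https//github[]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip",
    "https//github[]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip",
    "https://github.com/microsoft/vcpkg/releases/download/v0.0.0/example.zip",
]
```

Running `flag_lookalike_downloads(SAMPLE_URLS, ["microsoft"])` over a proxy or chat export flags only the two comment attachments, not the release asset, which is the distinction a user reading the URL cannot make by eye.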
