drahardja, #GitHub is under attack.
“The flow of the campaign is simple:
- Cloning existing repos (for example: TwitterFollowBot, WhatsappBOT, discord-boost-tool, Twitch-Follow-Bot, and hundreds more)
- Infecting them with malware loaders
- Uploading them back to GitHub with identical names
- Automatically forking each thousands of times
- Covertly promoting them across the web via forums, Discord, etc.
”“GitHub besieged by millions of malicious repositories in ongoing attack”