Hackers have found yet another way to trick devs into downloading malware from GitHub

GitHub logo on mobile phone screen with green and yellow gradient background
(Image credit: Getty Images)

Cyber criminals are using the comment section for popular repositories hosted on GitHub and GitLab to trick developers into downloading malware onto their systems.

The latest in a string of novel techniques used by threat actors to distribute malware via Git repositories, hackers once again rely on the reputation of trustworthy sources like Microsoft and Nvidia to sideload their malicious code onto developer systems.

The process involves abusing the file upload logic in GitHub’s comments, using the system to automatically generate download links using the name of the owner of the repository, regardless of the commentor’s identity or content of the file itself.

Sergei Frankfoff, co-founder of automated malware analysis company Open Analysis, first highlighted the issue in a livestream on 27 March 2024, in which he claimed threat actors were already actively exploiting the flaw.

On 17 April 2024, security company McAfee released a report on the Redline Stealer trojan that leveraged a LUA malware loader to deliver the malicious payload. 

The report noted that the LUA loader was distributed through a seemingly legitimate Microsoft GitHub repository, concluding that GitHub was being abused to host the malware at Microsoft’s official account under the vcpkg repository.

But upon further inspection by a separate publication, the source code for vcpkg repository – containing Microsoft’s C++ Library Manager for Windows, Linux, and MacOS – included no reference to the files.

Instead, hackers found a way of using the comment section underneath the repository to upload files which GitHub then links to the official Microsoft repository.

When users leave a comment on GitHub, they can choose to attach a file which is then uploaded to GitHub’s content delivery network (CDN) and linked to the project the comment was made on.

GitHub automatically generates a download link for the file, and the unique URL uses the name of the legitimate repository the comment was attached to, lending the link more credibility.

Because GitHub automatically generates the download link as soon as the file is attached to the comment, the hackers trying to evade detection can delete the comment as soon as the file is uploaded and their comment will disappear but the file will continue to be hosted at that repository.

As a result, mitigation steps are limited to unilaterally disabling comments on your repository, which for smaller maintainers might risk damaging their reputation or trustworthiness.

Frankoff noted in March that it appeared GitHub was trying to mitigate the issue by restricting the file types users can upload via the comment function, but warned ZIP files, often used to conceal malware, were still allowed.

Furthermore, GitLab also has a similar mechanism that automatically generates download URLs for files attached to comments, indicating hackers could apply this approach to similar developer platforms.

GitHub repositories have become a happy hunting ground for cyber criminals

This technique follows a string of similar cases where threat actors use platforms like GitHub to target developers with malware.

One such instance involved hackers abusing GitHub’s search function to trick developers into downloading malicious code. The attackers used the names of popular GitHub repositories to disguise malware.

The threat actors were observed using a number of GitHub features, such as its automation tool GitHub Action, to artificially push their fake repositories up the search results and promote their malware.

Hackers have also been recorded taking advantage of AI hallucinations by popular chatbots to distribute their malware via GitHub. 


Researchers at Lasso Security found ChatGPT frequently recommends code libraries that don’t actually exist.

A follow-up to the initial investigation warned that threat actors had picked up on this tendency and were uploading malware using the names of the frequently hallucinated packages in the hopes a developer might uncritically recommend the package by an AI agent.

The investigation revealed a dummy package created using the name of a fake Hugging Face package frequently hallucinated by ChatGPT received over 30,000 authentic downloads in only three months, illustrating how effective this technique could be.

Max Gannon, cyber intelligence team manager at email security specialist Cofense, said the lack of available mitigation measures for the flaw and the obfuscation baked into the approach makes the issue difficult to resolve.

“This is a very clever tactic for threat actors to take advantage of, especially because GitHub has really provided no way for companies to mitigate the threat. The only thing that can be done is for individuals to exercise caution when clicking any link, regardless of where it appears to go or who it appears to be from,” he said. 

“For example, if you stopped and thought about it, a .zip file containing cheat software is not likely to be directly hosted on a Microsoft repository."

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.