all InfoSec news
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
Malware Analysis, News and Indicators - Latest topics malware.news
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware.
Key Points
- GitHub search manipulation: Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users.
- Malicious code is often hidden within Visual Studio project files (.csproj or .vcxproj) to evade detection, automatically executing when the project is built.
- The attacker had set up the stage …
attack attackers automated campaign cybercriminals developers fake github key key points malicious malware manipulation names open source open source supply chain points popular repositories search stars supply supply chain supply chain attack techniques topics updates