
Beware of Malware Disguised as Fixes in GitHub Comments

Vlad CONSTANTINESCU

September 02, 2024


A newly reported campaign puts GitHub users at risk of a malware scam that uses the platform's own comment feature as the delivery channel.

Threat actors have found a way to exploit GitHub’s comments feature – they’re injecting the infamous Lumma Stealer malware through comments falsely presented as solutions to coding issues.

Malicious Comments Spotted by Rust Library Contributor

The deception was first spotted by a contributor to the “teloxide” Rust library, who noticed multiple comments on the project's GitHub issues offering malware-laden “fixes.”

As BleepingComputer reported after investigating the matter, the campaign was not limited to one project: more than 29,000 malicious comments were posted in three days.

The rogue comments typically directed users to download password-protected archives, hosted on common file-sharing websites, that contained malicious executables. The password protection is deliberate: it keeps the archive's contents opaque to automated scanners on the file-sharing site and on the victim's machine until the user types the password in.
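The lure described above has a recognisable shape: an off-site download link, an archive with a password, and "fix"/"solution" wording. The following is an added example, not code from Bitdefender, BleepingComputer or the teloxide project, showing how a maintainer or SOC could triage issue comments for that pattern. The file-sharing host list and the sample comments are constructed assumptions for illustration, not indicators taken from the article.

```python
import re
from urllib.parse import urlparse

# Illustrative indicator list (assumption, not from the article): hosts that
# legitimately hosted fixes would rarely point to. Replace with your own intel.
FILE_SHARING_HOSTS = {"mediafire.com", "bit.ly", "anonfiles.com", "gofile.io"}
ARCHIVE_EXT = (".zip", ".rar", ".7z")

URL_RE = re.compile(r"https?://[^\s)>\"']+", re.IGNORECASE)
PASSWORD_RE = re.compile(r"\bpass(?:word|wd)?\b", re.IGNORECASE)
LURE_RE = re.compile(r"\b(fix|fixed|solution|solved|patch)\b", re.IGNORECASE)


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a URL without a leading 'www.'."""
    host = (urlparse(url).hostname or "").lower()
    return host.removeprefix("www.")


def comment_indicators(body: str) -> dict:
    """Collect the individual lure traits present in one comment body."""
    indicators = {
        "file_sharing_link": False,
        "archive_link": False,
        "mentions_password": bool(PASSWORD_RE.search(body)),
        "fix_wording": bool(LURE_RE.search(body)),
    }
    for url in URL_RE.findall(body):
        host = host_of(url)
        if host in FILE_SHARING_HOSTS or any(host.endswith("." + h) for h in FILE_SHARING_HOSTS):
            indicators["file_sharing_link"] = True
        if urlparse(url).path.lower().endswith(ARCHIVE_EXT):
            indicators["archive_link"] = True
    return indicators


def is_suspicious(body: str) -> tuple[bool, dict]:
    """A comment is flagged only when it both points at an off-site download
    and carries a lure trait (password or fix wording). A maintainer saying
    'fixed in the next release', or a link to the project's own release page,
    must not trigger on its own."""
    ind = comment_indicators(body)
    has_download = ind["file_sharing_link"] or ind["archive_link"]
    has_lure = ind["mentions_password"] or ind["fix_wording"]
    return has_download and has_lure, ind


def scan(comments: list[str]) -> list[tuple[int, dict]]:
    """Return (index, indicators) for every comment that is_suspicious flags."""
    hits = []
    for i, body in enumerate(comments):
        flagged, ind = is_suspicious(body)
        if flagged:
            hits.append((i, ind))
    return hits


# Constructed sample comments mimicking the campaign's lure and benign replies.
SAMPLE_COMMENTS = [
    "I had the same error. Fix is here: https://www.mediafire.com/file/abc123/fix.rar password: changeme",
    "Fixed in #412, please update to 0.12.3 and reopen if it persists.",
    "See the release notes at https://github.com/teloxide/teloxide/releases",
]

if __name__ == "__main__":
    for idx, ind in scan(SAMPLE_COMMENTS):
        print(f"comment {idx} flagged: {ind}")
```

Run against a dump of issue comments (for instance from the GitHub REST API's issue comments endpoint) and review the hits by hand; the two-condition rule keeps the noise down, but a determined poster can still split the link and the password across two comments, so treat this as triage, not a verdict.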

Lumma Info-Stealer Malware Spread Through Seemingly Helpful Comments

Once executed, the malware aggressively harvests sensitive data from various sources on the compromised device, including browsing history, passwords, credit card details, and even cryptocurrency wallets from browsers and text files likely to contain private keys.

Although GitHub has been actively deleting these malicious comments as they emerge, threat actors have already done substantial damage, compromising numerous users.

Affected Users Urged to Change All Passwords

Users who fell for the campaign and launched the executable are advised to change the passwords of every account stored or used on the affected device and to secure their digital assets immediately. Each account should get a unique password so that a single stolen credential cannot be replayed elsewhere.

That replay is credential stuffing: attackers take credentials stolen in one breach and try them against other services, betting that many people reuse the same password. Distinct passwords per account contain the damage, because one stolen password then opens only the one account it belonged to.

Not The First Attempt at Weaponizing GitHub Comments

This isn’t the first time GitHub comments have been weaponized to spread malware. In a previous incident, perpetrators exploited a flaw in GitHub's content delivery network (CDN) to host and distribute malware.

Because the resulting download links were Microsoft GitHub URLs, the malicious files appeared to belong to trusted repositories, lending them a façade of legitimacy.

Fending Off Malware and Other Digital Intrusions

Specialized software like Bitdefender Ultimate Security can give you the upper hand in the fight against infostealer malware and other digital threats.

It detects and deters viruses, trojans, worms, spyware, ransomware, rootkits, and zero-day exploits, and has a wide range of advanced features, including behavioral detection, network threat prevention, complete real-time data protection, and vulnerability assessment modules to help you maintain your digital security.
