GitHub comments abused to push password stealing malware masked as fixes


GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust library, who noted on Reddit that they received five different comments in their GitHub issues that pretended to be fixes but were instead pushing malware.

Read More


thumb-image

Solutions