Attackers are using GitHub as a malware distribution channel by mass-cloning legitimate repositories and injecting trojans, thereby compromising developer supply chains.
ScarCruft uses fake Microsoft security alerts to distribute NarwhalRAT, a Python-based malware that operates in memory and communicates with command-and-control servers via compromised websites and pCloud APIs.
At least 15 malicious plugins in the JetBrains Marketplace were designed to steal AI API keys from developers and gain access to internal corporate services.
Miasma replicates autonomously across Git repositories and automatically deletes user data when its GitHub token is blocked, with the now-public source code expected to lead to further variants.
Bright Data integrates into free apps an SDK that repurposes smart TVs and smartphones as exit nodes for a global proxy network with 400 million IP addresses, without sufficient transparency and even when VPN connections are active.
Over 400 Arch Linux AUR packages were compromised with infostealer malware, posing a data exfiltration risk to all systems that installed these packages on or after June 11, 2026.