GitHub comments abused to push malware via Microsoft repo URLs
-
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy.
What kind of world do we live in when you can't even trust a download from Microsoft to *only* have their flaws?
"Even if you decide not to post the comment or delete it after it is posted, the files are not deleted from GitHub's CDN, and the download URLs continue to work forever." <-- Who came up with that great design?
-
Probably the one with the idea of changing the start menu and placing ads in its place. X| :mad:
M.D.V. ;) If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you. Rating helpful answers is nice, but saying thanks can be even nicer.