1. Forum
  2. tqwNet
  3. TQW GENTECH

  • GitHub developers targeted by fake VS Code alerts spreading malwa

    From TechnologyDaily@1337:1/100 to All on Monday, March 30, 2026 15:45:28
    GitHub developers targeted by fake VS Code alerts spreading malware

    Date:
    Mon, 30 Mar 2026 14:35:00 +0000

    Description:
    GitHub 'Discussions' section is being manipulated into delivering malware to software devs.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Socket uncovers large-scale GitHub spam campaign abusing Discussions notifications Fake advisories with bogus CVEs trick developers into downloading malware via cloud-hosted links Thousands of identical posts observed, showing coordinated effort to target developer credentials and projects Cybercriminals are tricking GitHub into sending out fraudulent email notifications, luring software developers into downloading malware, experts have warned.

    Security researchers Socket, who said they observed a large-scale,
    coordinated spam campaign targeting developers on various projects. GitHub
    has a section called Discussions, which is essentially a forum for discussing various projects. When a developer participates in, or monitors a topic, they get notified via email when something gets posted. Article continues below
    You may like Hackers exploit OpenClaw to spread malware via GitHub - and a little help from Bing Fake Moltbot AI assistant just spreads malware - so AI fans, watch out for scams North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware Large-scale campaign Now, Socket says criminals are posting fake advisories with titles such as Severe Vulnerability - Immediate Update Required. These advisories, often with fake CVE IDs, are posted by either brand-new accounts, or old, inactive ones likely stolen elsewhere.

    Once the warning is posted, GitHub mails the participants who, if they dont spot the trick, end up downloading malware . The advisories contain a link to patched versions of impacted VS Code extensions, hosted on Google Drive and other cloud storage services.

    Clicking on the link sends the victim through a series of redirects, grabbing data along the way, and making sure to present malware only to validated victims. Hence, Socket was not able to download the final payload and thus does not know what it is. Its safe to assume it is an infostealer, though, as software developers are often targeted for their access to valuable projects, or for cryptocurrency wallets they have installed in their browsers.

    The campaign seems to be well-organized and rather large, Socket says. It casts a wide net, trying to infect as many GitHub users as possible. Are you
    a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Early searches show thousands of nearly identical posts across repositories, indicating this is not an isolated incident but a coordinated spam campaign, Socket said.

    Because GitHub Discussions trigger email notifications for participants and watchers, these posts are also delivered directly to developers inboxes.

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/github-developers-targeted-by-fake-vs-c ode-alerts-spreading-malware


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)