
Apiiro is calling it a malicious repository confusion campaign.

The Apiiro teams estimate that over 100,000 GitHub repositories are affected, possibly even millions.


GitHub is under attack and there isn’t an easy fix.

What are repository confusion attacks?

There are very popular repositories that are often searched for and downloaded by many people.

These features indicate a watering hole attack, which is very common in cybersecurity.

Image of GitHub Repo attack malicious code

(Image credit: Apiiro)

A watering hole attack involves cyber attackers targeting groups of users by infecting websites they frequently visit.

Once these attackers reupload their malicious repositories, they use automation to fork them thousands of times.

This tactic is pretty commonly used.


The file being circulated was malicious, though, and caused a lot of people to lose their data.

How do the GitHub malicious repositories infect your PC?

Here is an example of some malicious code on GitHub.

Image of GitHub Repo attack malicious code

(Image credit: Apiiro)

The malicious code is pushed off to the far right so it’s not on screen.
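One way to check a downloaded repository for this trick, as an added example that is not from Apiiro or the original article: the script flags any line where code follows a long run of whitespace. The 100-character threshold, the function names and the sample text are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumed threshold: a run of this many spaces/tabs before more code is suspicious.
PAD_RUN = 100


def hidden_segments(text, pad_run=PAD_RUN):
    """Return (line_no, column, snippet) for code that follows a long whitespace run."""
    # The lookahead requires non-whitespace after the run, so plain trailing
    # whitespace at the end of a line is not reported.
    pattern = re.compile(r"[ \t]{%d,}(?=\S)" % pad_run)
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in pattern.finditer(line):
            start = match.end()
            hits.append((line_no, start + 1, line[start:start + 60]))
    return hits


def scan_tree(root, suffixes=(".py",)):
    """Scan every file under root with a matching suffix; return {path: hits}."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = hidden_segments(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample: a harmless placeholder call pushed 300 columns to the right.
SAMPLE = (
    "import os\n"
    "def main():\n"
    "    print('hello')" + " " * 300 + ";placeholder_hidden_call()\n"
    "main()\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python scan_padding.py path/to/cloned/repo
        for path, hits in scan_tree(sys.argv[1]).items():
            for line_no, col, snippet in hits:
                print(f"{path}:{line_no}: col {col}: {snippet!r}")
    else:
        print(hidden_segments(SAMPLE))
```

Run it against a cloned repository before executing anything from it; a hit only says where to look, so open the file with line wrapping enabled and read what sits at the reported column.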

A supply chain attack is a cyberattack targeting a trusted third-party vendor or supplier.

These attacks obfuscate the code, and Python is mainly used to carry out the attacks.


Microsoft tries to be a global leader in security but has a lot of in-house issues it needs to address.

If you download a malicious GitHub repository, these things could be stolen or done on your PC.

What can Microsoft do to make GitHub safe?

This attack started in May of 2023 but has grown exponentially.


As these attacks continue, more and more users could be infected.

Suppose you want to look to see if your PC is infected.

Apiiro provided a VirusTotal graph with some of the malicious files discovered.


If you want to check your PC for these files, that would be highly time-consuming.

Look for any code communicating with social media platforms or crypto wallets.

Be careful when downloading any code from GitHub until Microsoft can handle this issue.


GitHub isn’t the only cybersecurity issue Microsoft is facing.

Microsoft has recently launched Security Copilot, a tool purported to enhance the performance of cybersecurity defenders.
