This is getting to be embarrassing. It’s been almost a week of trying to alert GitHub to multiple spoofed repositories serving malware. Everyone appears to be sleeping on the job. The malware is easily compared to known IoCs, so it’s even easily automatable.
Can someone at GitHub wake the hell up already and stop serving malware?
Here’s an obvious one: https://github.com/ojas1103/CircleProgressKit
And others:
https://github.com/AkashiKensei/Zenix-Account-Creator
https://github.com/MinhDuong2571/DNSrce
https://github.com/xcwv667/eth-input-call-data-builder
https://github.com/ForgedRice/deepseek-api-client
https://github.com/Losnunes/SHOOTER
https://github.com/Alexbochechudo/encode-reactjs-intermediate-2024
https://github.com/Dawsandos/monster-energy-theme/releases
https://github.com/popopopopopopopopopopopopopopo/TuneText
https://github.com/Cynicave/Crunchyroll-Account-Checker
