GitHub comments abused to push malware via Microsoft repo URLs (
from tedu to cloudsec on 20 Apr 2024 22:13

While most of the malware activity has been based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.

The URLs for the malware installers, shown below, clearly indicate that they belong to the Microsoft repo, but we could not find any reference to the files in the project's source code.

Finding it strange that a Microsoft repo would be distributing malware since February, BleepingComputer looked into it and found that the files are not part of vcpkg but were uploaded as part of a comment left on a commit or issue in the project.


threaded - newest