A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. The spammy posts are crafted as vulnerability advisories and use realistic titles like “Severe Vulnerability - Immediate Update Required,” often including fake CVE IDs and urgent language. In ...
This attack pattern demonstrates a sophisticated level of organization and automation. The threat actors are using GitHub Discussions to trigger email notifications to a large number of tagged users and followers, ensuring that the posts reach a wide audience. The use of fake CVE IDs and urgent language, along with impersonating real code maintainers or researchers for a false sense of legitimacy, adds to the credibility of the spammy posts. This campaign is an example of how threat actors are c...