GitHub becomes go-to platform for malware delivery across Europe

[Parkinsond]

Content source

https://www.helpnetsecurity.com/2025/05/28/attackers-phishing-method-europe/

Attackers often strategically choose where to host their malware, making the hosting part of a broader effort to trick users through social engineering. They tend to use platforms that people already trust, especially widely used cloud apps, because that trust makes it more likely that someone will open a malicious file.

This year, GitHub tops the list, with 16% of organizations in the European region seeing malware downloads from the platform each month. That’s a noticeable shift from last year, when Microsoft OneDrive was the most used service for delivering malware.

GitHub’s rise is likely tied to its popularity among developers and its role in hosting red teaming tools, some used legitimately, others abused by threat actors. Right behind GitHub are OneDrive, Google Drive, and Amazon S3.

GitHub becomes go-to platform for malware delivery across Europe - Help Net Security

Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe

www.helpnetsecurity.com

 

[jamey910111]

i blame this more on ppl than on github.

 

[Parkinsond]

i blame this more on ppl than on github.

Yes; anyway, zero-trust policy is a good one.

 

[Marko :)]

Every platform that offers a free or cheap service is prone to abuse and they can't really protect themselves from that.

 

[Parkinsond]

Every platform that offers a free or cheap service is prone to abuse and they can't really protect themselves from that.

Every platform is prone to abuse, regardless of what they offer.

 

[Trident]

Every platform is prone to abuse, regardless of what they offer.

If something can be used, then it can be abused. Though Github can definitely implement the necessary measures to better scan the hosted code, although fragmentation is possible as well…. Actually, very little can be done.

Github, paste.ee and so on allow malware creators to run cost-efficient, not to say free botnet. Strengthening one platform is just gonna move attackers to another one.

 

[Marko :)]

Every platform is prone to abuse, regardless of what they offer.

I doubt platform that costs 500€ per month will get abused. It can be, of course, but chances are slim. On the other hand, if the platform is free and all you need is an e-mail address, then it's definitely getting abused.

Anyone remembers Freenom/OpenTLD?

 

[Trident]

I doubt platform that costs 500€ per month will get abused. It can be, of course, but chances are slim. On the other hand, if the platform is free and all you need is an e-mail address, then it's definitely getting abused.

Anyone remembers Freenom/OpenTLD?

Depends on how prolific the botnet is and what’s the turnover from it. But yes, generally, free tools and platforms are much more welcome in the attackers’ arsenal.