Cyber security researchers have warned that GitHub users are being targeted with similarly named but malicious copies (containing malicious code) of legitimate repositories. The copied repositories are designed to siphon user environment variables, steal API keys, tokens, crypto keys, and execute arbitrary code on affected endpoints. The advice to developers / GitHub users is to be especially careful when getting code from the platform, and to pay attention to potential typo squats (URL hijacking / cybersquatting), repository copies, clones, or forks (copies of a Git repositories).
Security Stop-Press : GitHub Users Targeted With Malicious Copies Of Repositories
