Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use," Cisco Talos researchers Chris Neal and Craig Jackson
![]()
source https://thehackernews.com/2025/07/hackers-use-github-repositories-to-host.html
source https://thehackernews.com/2025/07/hackers-use-github-repositories-to-host.html