Devs are increasingly succumbing to hacking attacks. Last week, more than 35 big Chrome extensions spread malware to millions of users. The reason? Devs succumbing to phishing attacks.
A similar thing is currently happening on GitHub; a lot of repositories containing malware are inflating their popularity with fake stars.
If you're a technical dev, this is something you want to keep an eye on. Double-check any GitHub repository you decide to use. Here's yet another hacking attempt on GitHub:
If you get a link, double-check the "DNS" name; the same goes for an e-mail address.
If you know the original DNS name, check if there are more letters, signs or numbers added to the address. Usually they use a subdomain; those are simple to detect.
If you don't trust the e-mail or the person who sends you the link, don't click on it!
The same goes for the content of, let's say, an e-mail. If it doesn't make sense to you, ignore or block it!
I hope it helps! :)
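The hostname check described in the reply above, as an added example that is not part of the original thread. The `TRUSTED` allowlist, the function names and the sample URLs are constructed for illustration; beyond what the reply lists, it also flags punycode labels and ignores text placed before an `@` in the link.

```python
from urllib.parse import urlsplit

# Assumption: your own allowlist of domains you know to be genuine.
TRUSTED = ("github.com", "githubusercontent.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Classify the host of a link against the allowlist."""
    # .hostname drops any "user@" prefix, so "github.com@other.example" is judged as other.example
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode label"
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Known name used as a subdomain or prefix of some other domain.
    if any(t in host or t.split(".")[0] in labels for t in TRUSTED):
        return "suspicious: trusted name inside another domain"
    # Extra or swapped letters, signs or numbers: compare the last two labels.
    # Simplification: this ignores multi-part suffixes such as co.uk.
    base = ".".join(labels[-2:])
    if any(0 < edit_distance(base, t) <= 2 for t in TRUSTED):
        return "suspicious: lookalike of a trusted domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://github.com/torvalds/linux",
                 "https://gist.github.com/example",
                 "https://github.com.login-check.example/reset",
                 "https://githuub.com/login",
                 "https://github.com@files.example/repo"):
        print(f"{check_link(link):48} {link}")
```

"unknown" means only that the host is not on the allowlist and does not resemble it; it is not a verdict that the link is safe.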
Absolutely! This is an ongoing issue that developers should definitely be aware of. The rise in phishing attacks and fake repositories on platforms like GitHub is alarming. It’s so easy to get caught up in the numbers (like fake stars) and trust repositories without thoroughly vetting them.
I recommend always double-checking the repository's history, reviews, and checking for any signs of unusual activity, like sudden spikes in stars or updates from suspicious contributors. It’s also a good idea to use tools like Snyk or Dependabot to scan for known vulnerabilities in dependencies.
Also, don’t forget to enable 2FA (two-factor authentication) on your GitHub account and always be cautious when clicking on links or downloading files, especially when they’re from unknown sources.
Stay safe out there, and always stay alert!