According to a recent investigation by a team from the US multinational Cisco, the GitHub hosting service was allegedly misused as a vehicle for distributing malicious software. Cisco Systems, a company specializing in the supply of networking devices, had its cybersecurity division, Cisco Talos, investigate the case.
The investigation identified a MaaS (malware-as-a-service) operation, in place since February 2025, aimed at exploiting the GitHub platform to upload and spread malware. Using GitHub as an intermediary ensured the success of the operation, as it is a legitimate domain (at least in appearance) and was therefore able to evade most controls.
Following the investigation, GitHub removed the accounts allegedly involved in the incident.