When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The campaign is aimed at exploiting the inherent trust many organizations place in GitHub as a developer platform.
This protection also made it more difficult for malware scanners to detect and inspect the contents of the archive.
The attackers appear to have been testing the waters with a smaller campaign, focusing on these two industries.
Over the years, phishing techniques have evolved, becoming more sophisticated and harder to detect.
Cybercriminals now leverage trusted platforms, disguise malicious intent behind legitimate-looking messages, and use advanced social engineering techniques.
