Advertisement
Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025.
“The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use,” Cisco Talos researchers Chris Neal and Craig Jackson
Advertisement
(Except for the headline, this story has not been edited by PostX News and is published from a syndicated feed.)
