Botnet Abuses GitHub Repositories to Spread Malware

Hackers Using Amadey Bot to Drops Payloads From Fake GitHub Accounts Prajeet Nair (@prajeetspeaks) • July 18, 2025

Threat actors are using public GitHub repositories to host and distribute malware through the Amadey botnet in an ongoing campaign linked to a broader malware-as-a-service operation, Cisco Talos reported.

See Also: Beyond Replication & Versioning: Securing S3 Data in the Face of Advanced Ransomware Attacks

The campaign, observed in April, reveals how fake GitHub accounts were used to host malicious payloads, tools and Amadey plug-ins, enabling operators and take advantage of GitHub's legitimate traffic patterns - "likely as an attempt to bypass web filtering and for ease of use," Cisco Talos said in a report published Thursday.

Talos researchers Chris Neal and Craig Jackson said that the operation overlaps with a ...