[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-a-researcher-found-10000-github-repos-pushing-trojan-malware":10,"sections":40},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":30,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},1620,"a-researcher-found-10000-github-repos-pushing-trojan-malware","A Researcher Found 10,000 GitHub Repos Pushing Trojan Malware","One researcher's sweep of GitHub turned up roughly 10,000 repositories quietly distributing trojan malware to unsuspecting developers.","GitHub is hosting a malware distribution network at scale — and it took an independent researcher to map it.\n\nA security researcher documented finding approximately 10,000 GitHub repositories set up to distribute trojan malware. The repositories appear designed to attract developers — the most common target for this kind of supply chain staging ground. The full technical writeup is available at the researcher's own site. The finding drew enough attention to surface near the top of Hacker News, with over 500 points and more than 130 comments.\n\nGitHub's scale is exactly what makes it an attractive abuse target: millions of repositories, a trusted brand, and developers conditioned to pull code from it without much scrutiny. Ten thousand malicious repositories is not a rounding error — it suggests either an automated seeding campaign or a coordinated effort with enough resources to build at volume.\n\nGitHub has faced similar abuse before, from typosquatting packages to fake release assets, and its automated detection has a mixed record. Whether this batch was caught before or after the researcher published is a question the platform hasn't answered.","[\"security\",\"github\",\"malware\",\"supply-chain\"]","2026-06-18T11:45:43.000Z","2026-06-19T07:31:31.323Z","2026-06-19T07:31:32.958Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The article invents specifics not supported by the source — 'published this week,' 'drew significant attention from the developer security community,' the claim about 'security tooling' being bypassed, and the analysis of detection gaps — all go beyond what the source material establishes; strip unsupported implications and link to the actual researcher's writeup as the primary source.","resolved","security",[30,32,33,34],"github","malware","supply-chain",[36],{"name":37,"url":38},"Hacker News","https:\u002F\u002Forchidfiles.com\u002Fgithub-repositories-distributing-malware\u002F",0,{"sections":41},[42,47,50,55,60,65,70,75,79,84,89,94,99,104],{"name":43,"slug":44,"count":45,"latest_published_at":46},"AI","ai",490,"2026-06-19T04:00:00.000Z",{"name":48,"slug":30,"count":49,"latest_published_at":46},"Security",132,{"name":51,"slug":52,"count":53,"latest_published_at":54},"Policy","policy",88,"2026-06-16T09:26:09.000Z",{"name":56,"slug":57,"count":58,"latest_published_at":59},"Consumer Tech","consumer-tech",78,"2026-06-16T17:58:24.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Hardware","hardware",62,"2026-06-18T15:24:16.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Software","software",58,"2026-06-16T20:00:00.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Deals","deals",56,"2026-06-19T12:30:04.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":46},"Dev Tools","dev-tools",50,{"name":80,"slug":81,"count":82,"latest_published_at":83},"Science","science",38,"2026-06-18T04:00:00.000Z",{"name":85,"slug":86,"count":87,"latest_published_at":88},"Gaming","gaming",31,"2026-06-16T15:25:13.000Z",{"name":90,"slug":91,"count":92,"latest_published_at":93},"General","general",26,"2026-06-13T18:35:15.000Z",{"name":95,"slug":96,"count":97,"latest_published_at":98},"Startups","startups",23,"2026-06-16T15:00:00.000Z",{"name":100,"slug":101,"count":102,"latest_published_at":103},"Reviews","reviews",19,"2026-06-14T08:00:00.000Z",{"name":105,"slug":106,"count":107,"latest_published_at":108},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]