One Million Devices Infected By Bad GitHub Repositories, But Microsoft Says It’s Totally Not Their Fault

It Was Those Dastardly Pirates, Not Microsoft … Apparently
Over a million devices were infected with malware after their users clicked on links in videos that led to bad GitHub repositories. Microsoft contends they are totally innocent because the videos that had these links were from illegal pirated streaming websites. “The streaming websites embedded malvertising redirectors within movie frames to generate pay-per-view or pay-per-click revenue from malvertising platforms”. If someone watching those streams happened to click on the link to the bad GitHub repository and installed the software found there, they became infected with an unspecified virus, which then attempted to spread to other machines.
The fact that Microsoft owns GitHub and let those poisoned repositories continue to be hosted there apparently doesn’t matter. Because the infected machines fell victim to the malware while watching pirated videos, Microsoft seems to feel that absolves them of any responsibility whatsoever. It doesn’t seem like a great move, since Microsoft is essentially admitting they have no idea whether a repository contains malicious code or not. That is a great way to build trust; so be careful when you visit GitHub, as you might come away with something you didn’t actually want.