How do you report malware hosted as GitHub attachments? #150549
Replies: 1 comment 4 replies
-
|
Report to GitHub's Trust & Safety Form GitHub has a dedicated Abuse/Trust & Safety reporting form: |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the answer though the form has a required field Please provide the username, repository, or GitHub Pages URL you wish to report.* This needs to be one of those (it's validated on entry) which I do not have. |
Beta Was this translation helpful? Give feedback.
-
|
Use the attachment URL in the required field and explain in the description that you don’t know the repository but the files are malicious. If blocked, email mailto:[email protected] with the URLs. |
Beta Was this translation helpful? Give feedback.
-
|
Do you have any suggestions on how GitHub could improve the process of reporting harmful content to make it more user-friendly? |
Beta Was this translation helpful? Give feedback.
-
|
The form they have is fine, all they need to do is remove the strong validation on the required field for a link to a repo etc so it can accommodate edge cases |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
I have a bunch of direct links to malware payloads hosted on Github for an active malware campaign, I only have the links, I do not know who uploaded them, which issue or whatever they were attached to, I only have the direct links to the files for example:
hxxps://github.com/user-attachments/files/[numbers]/[filename]
There appears to be no way to open a ticket for abuse/trust & safety, so how can these be delt with?
This appears to be a long standing issue as I've already seen the same question asked before (June 2024) and it was closed and locked without an answer, also the link they gave as an example is still live :/
Beta Was this translation helpful? Give feedback.
All reactions