I discovered a large-scale malware distribution on GitHub

A developer discovered 10,000 repositories on GitHub distributing Trojan malware. The repos share a common pattern, are not forks, and push commits adding a link to a zip archive. GitHub support took over a month to remove the initially reported repos.