
GitHub Repo Squatting: A Supply Chain Attack Masquerading as Official URLs

Since around September 2025, a new supply chain attack that turns GitHub’s official features against users has been observed. It distributes malware via links that appear to be the official repository URL. GMO Cybersecurity by Ierae named the technique “Phantom Commit Injection” and published a detailed analysis.

It’s a pretty nasty attack that could upend the long‑held assumption that “it’s safe because it’s the official GitHub repository.”

Overview of the Technique

This method, known as Repo Squatting (repository squatting), abuses GitHub’s fork feature and the way commits are displayed.

On GitHub, commits are internally shared between the fork source and the fork destination. That’s convenient for developers, but also plays into an attacker’s hands: a commit created on the fork can be accessed using the parent repository’s URL format.

How It Works Technically

Commit Sharing

GitHub forks share commit objects for storage efficiency.

Parent repository: someone/my-project
Fork:              attacker/my-project

A commit ea14e30 that the attacker creates on the fork becomes accessible at both of the following URLs:

  • github.com/attacker/my-project/commit/ea14e30 (the original URL)
  • github.com/someone/my-project/commit/ea14e30 (the parent repository’s URL)

Attack Flow

  1. The attacker forks the official repository.
  2. They create a commit that swaps a README.md download link to a malicious URL.
  3. They generate an official‑looking URL that includes that commit ID.
  4. Victims are lured via Google Ads or phishing.

Because the URL takes the form github.com/desktop/desktop/tree/{commit_id}, it looks like the official repository at a glance.
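One defender-side check for the URL shape described above, added here as an example (it is not code from the Ierae analysis or from GitHub): given a GitHub URL and the set of commit SHAs actually reachable from the official repository's branches and tags, classify whether the URL points at a commit the maintainers never published. The reachable-SHA set below is constructed; in practice it would come from `git rev-list --all` in a fresh clone of the official repository. The function name `classify_github_url` and the category labels are my own.

```python
import re
from urllib.parse import urlparse

# Constructed stand-in for the SHAs reachable from the official repository's
# branches and tags (real data: `git rev-list --all` in a clone of the official
# repo). These values are made up for the example.
OFFICIAL_REACHABLE_SHAS = {
    "1111111111111111111111111111111111111111",
    "2222222222222222222222222222222222222222",
}

# Matches /owner/repo/commit/<ref>, /owner/repo/tree/<ref>/..., /owner/repo/blob/<ref>/...
REF_URL_RE = re.compile(
    r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/(?P<kind>commit|tree|blob)/(?P<ref>[^/]+)(?:/.*)?$"
)
HEX_RE = re.compile(r"^[0-9a-f]{7,40}$")


def classify_github_url(url, reachable_shas):
    """Classify a URL as one of:
    'not-github'     - host is not github.com
    'not-ref-url'    - a github.com URL that does not name a commit/tree/blob ref
    'branch-or-tag'  - ref is a branch/tag name, not a raw SHA (resolve it separately)
    'reachable'      - ref is a SHA (or prefix) reachable from the official repo
    'phantom'        - ref is a SHA the official repo never published (fork commit
                       served under the parent repository's URL)
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in ("github.com", "www.github.com"):
        return "not-github"
    m = REF_URL_RE.match(parsed.path)
    if not m:
        return "not-ref-url"
    ref = m.group("ref").lower()
    if not HEX_RE.match(ref):
        return "branch-or-tag"
    # Accept abbreviated SHAs by prefix match against the reachable set.
    if any(sha.startswith(ref) for sha in reachable_shas):
        return "reachable"
    return "phantom"


if __name__ == "__main__":
    for u in (
        "https://github.com/someone/my-project/commit/1111111",
        "https://github.com/someone/my-project/tree/ea14e30",
        "https://github.com/someone/my-project/tree/main",
        "https://git-desktop.app/download",
    ):
        print(classify_github_url(u, OFFICIAL_REACHABLE_SHAS), u)
```

A URL that comes back as `phantom` is exactly the case the article describes: the path carries the official owner and repository name, but the commit is not part of any branch or tag the maintainers published. The check only distinguishes SHAs from names; a `branch-or-tag` result still has to be resolved against the official repository, and a 7-character prefix can in rare cases match more than one object, so use the full SHA when the link provides it.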

Real‑World Impact: The GPUGate Campaign

From September through October 2025, a large‑scale malware distribution campaign targeting GitHub Desktop was observed. Arctic Wolf dubbed it “GPUGate,” with the following characteristics.

Campaign Details

Item             Details
Targets          IT companies in Western Europe (infections also seen in Japan)
Distribution     Google Ads + look-alike domains (e.g., git-desktop[.]app)
Malware          HijackLoader (Windows), AMOS Stealer (macOS)
Characteristics  MSI bloated to 128 MB; GPU (OpenCL)-based decryption

Anti‑Analysis Tricks

The distributed malware implemented clever anti‑analysis measures.

  • File size bloat: 128 MB MSI to evade automated analysis
  • GPU‑dependent decryption: Uses OpenCL to decrypt the payload; it doesn’t run in environments without a GPU (VMs/sandboxes)
  • Environment checks: Halts execution when a virtualized environment is detected

It’s clear the intent was to make life difficult for security researchers.

GitHub’s Response Status

GMO Cybersecurity by Ierae reported the issue to GitHub on September 9, 2025, but as of December 29, 2025 the technique was still reproducible.

GitHub added a feature that displays a warning when opening a link to a commit that didn’t originally exist in the repository, but that is not a fundamental fix. The behavior of sharing commits across forks is deeply embedded in GitHub’s design and likely not easy to change.

Repo Squatting is not the only GitHub-related supply chain technique; two related ones are worth knowing.

RepoJacking

An attacker takes over a repository by acquiring the original username after the user changes or deletes their account. According to AquaSec, roughly 9 million GitHub projects are considered vulnerable to this attack.

Shadow Commit

A technique that creates tags using commits from a deleted fork. It’s hard to detect because it doesn’t show up in audit logs. It was abused in March 2025 in the tj-actions/changed-files incident (Coinbase was targeted).

Mitigations

For Developers

  • Download directly from the official Releases page: Don’t trust links in README files or commit URLs.
  • Verify GPG signatures: When possible, verify signatures (though on GitHub they’re optional).
  • Use dependency lock files: Avoid depending directly on GitHub URLs; pin versions instead.

For General Users

  • Beware of search ads: Many campaigns steer users to fake sites masquerading as official domains.
  • Check the domain: git-desktop.app and desktop.github.com are completely different.

For Organizations

  • Deploy EDR: Detect loader‑type malware such as HijackLoader.
  • Monitor networks: Block communications to known C2 servers.
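To make the "check the domain" and "monitor networks" advice concrete, here is an added example (my own code, not from the article or from Arctic Wolf) that scans constructed proxy log lines and flags hosts that borrow GitHub branding without being under an official GitHub domain. The log format, the client addresses and the request paths are constructed for the example; the only real look-alike domain used is git-desktop.app from the article. The allowlist of official suffixes and the function names are my own assumptions.

```python
import re
from urllib.parse import urlparse

# Official GitHub domains (assumed allowlist; extend for your environment).
OFFICIAL_SUFFIXES = ("github.com", "githubusercontent.com", "github.io")
# Brand tokens that should only ever appear under an official suffix.
BRAND_TOKENS = ("github", "gitdesktop")

# Constructed log format: "<timestamp> <client-ip> <method> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")

# Constructed sample log lines; the .msi path is a placeholder, not a real IoC.
SAMPLE_PROXY_LOG = [
    "2025-10-01T09:12:03Z 10.0.0.15 GET https://desktop.github.com/",
    "2025-10-01T09:12:09Z 10.0.0.15 GET https://git-desktop.app/download/installer.msi",
    "2025-10-01T09:13:44Z 10.0.0.22 GET https://github.com/desktop/desktop/releases",
    "2025-10-01T09:15:01Z 10.0.0.22 GET https://example.org/index.html",
    "garbage line that does not parse",
]


def is_official_host(host):
    """True if host is exactly an official suffix or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)


def looks_like_github_lookalike(host):
    """True if host carries GitHub branding but is not under an official domain.
    Hyphens and dots are collapsed so 'git-desktop.app' matches 'gitdesktop'."""
    host = host.lower()
    if is_official_host(host):
        return False
    collapsed = host.replace("-", "").replace(".", "")
    return any(tok in collapsed for tok in BRAND_TOKENS)


def flag_lookalike_requests(lines):
    """Return (client, host) pairs for requests to look-alike hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        host = urlparse(m.group("url")).hostname or ""
        if looks_like_github_lookalike(host):
            hits.append((m.group("client"), host))
    return hits


if __name__ == "__main__":
    for client, host in flag_lookalike_requests(SAMPLE_PROXY_LOG):
        print(f"look-alike domain contacted: {client} -> {host}")
```

Running it over the sample lines flags only the client that fetched from git-desktop.app; requests to desktop.github.com and github.com pass because they sit under an official suffix. A keyword heuristic like this will not catch every typosquat, so treat it as a triage signal to pair with the EDR and C2 blocking the article recommends rather than as a complete detection.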
