{"id":234189,"date":"2026-03-28T03:12:23","date_gmt":"2026-03-28T08:12:23","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/03\/fake-vs-code-alerts-on-github-spread-malware-to-developers"},"modified":"2026-03-28T03:12:23","modified_gmt":"2026-03-28T08:12:23","slug":"fake-vs-code-alerts-on-github-spread-malware-to-developers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/03\/fake-vs-code-alerts-on-github-spread-malware-to-developers","title":{"rendered":"Fake VS Code alerts on GitHub spread malware to developers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/fake-vs-code-alerts-on-github-spread-malware-to-developers.jpg\"><\/a><\/p>\n<p>A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware.<\/p>\n<p>The spammy posts are crafted as vulnerability advisories and use realistic titles like \u201cSevere Vulnerability \u2014 Immediate Update Required,\u201d often including fake CVE IDs and urgent language.<\/p>\n<p>In many cases, the threat actor impersonates real code maintainers or researchers for a false sense of legitimacy.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. The spammy posts are crafted as vulnerability advisories and use realistic titles like \u201cSevere Vulnerability \u2014 Immediate Update Required,\u201d often including fake CVE IDs [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-234189","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=234189"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/234189\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=234189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=234189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=234189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}