Additionally, the APT group created and maintained GitHub repositories for five of the malicious packages, lending an appearance of open source legitimacy and increasing the likelihood of the harmful code being integrated into developer workflows

The attack by the Lazarus Group, uncovered by the Socket Research Team, leveraged GitHub to host malicious repositories, increasing the risk of harmful code integration into developer workflows. Similar campaigns have also been spotted on the Python Package Index (PyPI), highlighting a broader effort to exploit multiple open-source ecosystems.