2026-06-28·GITHUB·security risk
med · down

window 15d · evidence 33

signal brief

A Tom's Hardware article (June 28, 2026) reports that during Operation Offsides (a U.S. Justice Department seizure of nearly 400 domains illegally streaming the 2026 FIFA World Cup), investigators traced redirect chains to information-stealing malware hosted on GitHub. Citing a Microsoft Threat Intelligence analysis, the article states that after the 2024 World Cup, a malvertising campaign reaching nearly 1 million devices funneled users through redirectors to Lumma and Doenerium stealers hosted in GitHub repositories. The article notes that infections often require only a single click.

This highlights GitHub's ongoing challenge with abuse of its platform for malware distribution. The operation underscores the security risk posed by GitHub as a vector for supply-chain attacks, potentially eroding trust among developers and enterprises that rely on the platform for software dependencies. While GitHub has policies against malware, the persistence of such abuse can lead to increased regulatory scrutiny, more aggressive takedown requests, and reputational damage.

This signal is rated medium confidence (a single article, but backed by Microsoft Threat Intelligence) and points downward for GitHub's security posture.

Source: Tom's Hardware

evidence

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.