The Octopus Scanner Malware: Attacking the open source supply chain

released on 2020-05-28 @ 05:45:54 PM

On March 9, GitHub received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep-dive analysis of the malware itself, we uncovered something that we had not seen before on our platform: malware designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself. In the course of our investigation, GitHub uncovered 26 open source projects that were backdoored by this malware and that were actively serving backdoored code.