Over 15,800 GitHub repositories have been given 3.1 million inauthentic stars meant to bolster their legitimacy and reach, and almost 16% of repositories awarded 50 stars in July were leveraged in malicious campaigns, reports BleepingComputer.
Most of the repositories and more than half of the suspected fake accounts that provided the stars had already been removed from GitHub by October, according to a study from Socket, North Carolina State University, and Carnegie Mellon University researchers. Further analysis revealed that the names "crack," "bot," "auto," "pro," "adobe 2024," "free," and "activation" were most prevalent among deleted repositories, while the names "telegram," "bot," "sniper," "api," "project," and "github" were among the most common in those that remain on GitHub. Increasingly pervasive malicious repositories across GitHub should prompt users to prioritize repository quality and activity while carefully evaluating content, contributions, documentation, and code, rather than considering the number of stars alone. GitHub has yet to provide more information regarding efforts to combat fake stars across its platform.
Fraudulent rating-boosting stars prevalent in GitHub