Malware dubbed Octopus Scanner infects NetBeans projects hosted on GitHub, the web-based code hosting platform, to spread to Windows, Linux, and macOS systems. Researchers found 26 open source projects compromised by the malware; these projects inadvertently served up its backdoored code to any developers who forked or cloned the repos. The malware is also designed to block new builds from replacing the compromised one by keeping its malicious build artifacts in place. Researchers also found four samples of this malware while querying repositories on the platform for any infected projects.
Source: https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/

