I’m sure you’ve looked at the News Feed on your GitHub account and have seen the occasional forking or starring of something of yours, or someone following you.
Yet I have noticed most of this activity to be suspicious, to say the least.
The common things I see are:
- Only forking of others’ projects that are, for the most part, random: no common languages, utility, etc.
- No public projects of their own.
- No contributions to anything they have forked.
- Activity in spurts; within the same day.
- They follow and are followed by like accounts with the same traits.
- Those accounts seem to have creation dates that are similar.
I’ve reported these accounts as suspicious, but they can’t do anything about it, or won’t, as they haven’t done anything. But this has to take up disk space. I think this may be a slow build-up of accounts to blend in for an eventual malware-spreading network. I hope GitHub wises up to this soon and makes sign-ups a bit less trusting. Email verification? Something.
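The traits listed above can be turned into a simple triage check that scores each account and then looks at who it follows. This is an added example, not part of the original post; the account records, field names and thresholds are constructed assumptions, not a GitHub API schema.

```python
from datetime import date

# Thresholds are assumptions chosen for illustration, not values from the post.
MIN_BASE_TRAITS = 3        # per-account traits needed to count as a "like" account
CREATION_WINDOW_DAYS = 7   # how close two creation dates must be to count as similar

# Constructed sample records with hypothetical field names.
ACCOUNTS = {
    "acct_a": dict(created="2012-03-01", own_repos=0, fork_langs=["C", "PHP", "Ruby", "Go"],
                   commits_to_forks=0, event_days=["2012-03-02"] * 5, follows=["acct_b"]),
    "acct_b": dict(created="2012-03-03", own_repos=0, fork_langs=["Perl", "Java", "Lua"],
                   commits_to_forks=0, event_days=["2012-03-04"] * 4, follows=["acct_a"]),
    "dev_c": dict(created="2010-06-10", own_repos=4, fork_langs=["Python", "Python"],
                  commits_to_forks=12, event_days=["2012-01-05", "2012-02-11", "2012-03-02"],
                  follows=["acct_a"]),
}

def base_traits(a):
    """Traits that can be judged from a single account's own record."""
    forks, traits = a["fork_langs"], set()
    # Forks with almost no language in common look random rather than interest-driven.
    if len(forks) >= 3 and len(set(forks)) / len(forks) >= 0.75:
        traits.add("random_forks")
    if a["own_repos"] == 0:
        traits.add("no_own_projects")
    if forks and a["commits_to_forks"] == 0:
        traits.add("no_fork_contributions")
    # All recorded activity falls on one calendar day.
    if len(a["event_days"]) >= 3 and len(set(a["event_days"])) == 1:
        traits.add("single_day_burst")
    return traits

def assess(accounts):
    """Return {name: matched traits}, adding the two follower-network traits."""
    result = {name: base_traits(a) for name, a in accounts.items()}
    like = {n for n, t in result.items() if len(t) >= MIN_BASE_TRAITS}
    for name in like:
        peers = [p for p in accounts[name]["follows"] if p in like and p != name]
        if not peers:
            continue
        result[name].add("follows_like_accounts")
        born = date.fromisoformat(accounts[name]["created"])
        gaps = [abs((date.fromisoformat(accounts[p]["created"]) - born).days) for p in peers]
        if min(gaps) <= CREATION_WINDOW_DAYS:
            result[name].add("similar_creation_dates")
    return result

if __name__ == "__main__":
    for name, traits in assess(ACCOUNTS).items():
        print(f"{name}: {len(traits)}/6 traits {sorted(traits)}")
```

An account that matches all six traits is a candidate for manual review and reporting, not proof of abuse; a real developer who follows a flagged account, like `dev_c` here, matches none.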