GitHub ‘Ghost Accounts’

I’m sure you’ve looked at your News Feed on your GitHub account and have seen the occasional Forking or Staring of something of yours or someone following you:

i'm famous

Yet, I have noticed most of this activity to be suspicious to say the least.

The common things I see are:

  • Only forking of others’ projects that for the most part are random, no common languages, utility, etc.
  • No public projects of their own.
  • No contributions to anything they have forked.
  • Activity in spurts; within the same day.
  • They follow and are followed by like accounts with the same traits.
  • Those accounts seem to have creation dates that are similar
Its a digital army of zombies!
Its a digital army of zombies!
Shuffling zombies
Lazy Zombies

I’v reported these accounts as suspicious but they can’t do anything about — or won’t. As they haven’t done anything. But, this has to take up disk space. I think this may be a slow build up of accounts to blend in for eventual network of malware spreading. I hope GitHub wises up to this soon and makes sign ups a bit less trusting. Email verification? Something.




Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: