Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments.

GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code.

To link a new Git branch to your remote GitHub or GitLab repo, you must use the 'set upstream' Git push command. This walkthrough shows you how.

The workflow is straightforward, push a new commit to your main branch on GitHub, and the action will trigger, building a few different versions.