Ghrc.io appears to be malicious
A simple typo of ghcr.io to ghrc.io would normally be a small goof. You’d typically get a 404 or similar error, finally work out the issue, fix it, and move along. But in this case, that typo appears to be doing something very malicious, stealing GitHub credentials.What’s ghcr.io?#First, a quick bit of background. ghcr.io is an OCI conformant registry for container images and OCI artifacts used by a lot of projects. It’s part of GitHub and is a very popular image and artifact repository used by open source projects.ghrc.io Is Just a Default Nginx#At first glance, ghrc.io is just a default nginx install:$ curl -i https://ghrc.io/ HTTP/2 200 server: nginx date: Fri, 22 Aug 2025 17:58:01 GMT content-type: text/html content-length: 615 last-modified: Tue, 23 Apr 2024 14:04:32 GMT etag:…
