Backdoored versions of popular software being distributed on GitHub: https://www.zdnet.com/article/researchers-uncover-ring-of-github-accounts-promoting-300-backdoored-apps/
Perhaps it's only a matter time before we see blue checkmarks on repos? I suppose the star count does help distinguish real repos.