Well, my trend detection logic rewards recent stars more than older ones [1]. Recency is an important factor for many custom and public tools that track GitHub trends. I think the bad guys intentionally recreate repos - I actually noticed that.

That being said, they do take action if you report the repo. So I'm guessing good users are doing the heavy lifting here with reporting. I don't believe GitHub is taking enough proactive measures, or maybe they do, but it's not working well, obviously.

https://hadid.dev/posts/github-trends/#growth-based-approach

Yea, I'd change it to, they care about the malware and will remove the repos, but above everything else they don't want to slow down the signup flow