Hundreds of GitHub repos found posing as real software to push malware
- ArcticWolf uncovered 292 malicious GitHub repositories spoofing legitimate tools and products, delivering a new BoryptGrab infostealer variant
- Malware steals from 19 browsers, 32 crypto wallets, messaging apps, Steam, and Windows Credential Manager, and uniquely bypasses Chrome’s App‑Bound Encryption via code injection
- Most repos have been removed, but some remain active; GitHub’s popularity makes it a prime target, underscoring the need to vet code before use
Russian actors have reportedly created hundreds of malicious GitHub repositories masquerading as legitimate software but acting as a dangerous infostealer.
Cybersecurity researchers ArcticWolf discovered the campaign after finding their own products spoofed as part of the attack.
In total, the researchers found 292 fake repositories, spoofing things like security products, developer tools, macOS utilities, games, and more. Each repository contained a README file with the download URL.
Obviously malicious
Victims who download the program get a variant of the BoryptGrab infostealer family that grabs data...
Copyright of this story solely belongs to techradar.com. To see the full text click HERE