Hundreds of GitHub repositories masquerade as real software to spread malware


  • ArcticWolf discovered 292 malicious GitHub repositories spoofing legitimate tools and products, providing a new variant of the information stealer BoryptGrab.
  • The malware steals 19 browsers, 32 crypto wallets, email apps, Steam, and Windows Credential Manager, and uniquely bypasses Chrome’s app-related encryption via code injection.
  • Most repositories have been deleted, but some remain active; The popularity of GitHub makes it a prime target, highlighting the need to verify code before use.

Russian actors have reportedly created hundreds of malicious GitHub repositories masquerading as legitimate software, but acting as a dangerous information stealer.

Cybersecurity researchers ArcticWolf discovered the campaign after discovering their own products had been spoofed as part of the attack.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top