Hundreds of GitHub repos were found to be genuine software for pushing malware


  • ArcticWolf uncovered 292 malicious GitHub repositories that counterfeited legitimate tools and products and delivered a new BoryptGrab infostealer variant
  • Malware steals from 19 browsers, 32 crypto wallets, messaging apps, Steam and Windows Credential Manager and uniquely bypasses Chrome’s App-Bound Encryption via code injection
  • Most repos have been removed, but some remain active; GitHub’s popularity makes it a prime target, underscoring the need to vet code before use

Russian actors have reportedly created hundreds of malicious GitHub repositories that masquerade as legitimate software but act as a dangerous info stealer.

Cybersecurity researchers ArcticWolf discovered the campaign after finding their own products counterfeited as part of the attack.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top