GitHub fake-repository infostealer campaign
Campaign
Updated: 14.07.2026 22:15
· First: 14.07.2026 22:15
· 📰 1 src / 1 articles
· H score: 41
A GitHub impersonation campaign is distributing infostealer malware through 292 fake repositories, expanding the risk to users searching for trusted software downloads. The operation uses README links and spoofed download pages to push a ZIP archive that side-loads a trojanized DLL into a signed updater. The payload can bypass Chrome’s App-Bound Encryption and steals browser, wallet, messaging, and credential data. Several dozen redirectors were still active at report time, keeping the delivery chain live.