
Google Ads fake GitHub commit malvertising campaign targeting Western Europe

Campaign
Happening score: 46
1 unique source, 1 article

Summary

A malvertising campaign is using Google Ads and fake GitHub commit links to deliver malware to IT and software development companies in Western Europe, increasing the chance of infection through routine software searches. The lure mimics GitHub Desktop and redirects victims to a counterfeit site at gitpage[.]app. The first-stage payload is a 128 MB MSI that uses GPU-gated decryption to evade many sandboxes and analysis environments. The execution chain then runs VBS and PowerShell to add Microsoft Defender exclusions, establish persistence, and launch additional payloads.

Related Happenings

SEO-poisoned GitHub facade campaign targeting enterprise admin tools

Campaign
First: 30.04.2026 14:30 Last: 30.04.2026 14:30 Sources 1

About this happening: A **high-resilience SEO-poisoning campaign** is pushing **malicious MSI installers** through **dual-stage GitHub facades**, raising the risk that enterprise admins and security st...

EtherRAT malicious MSI loader with Ethereum-based C2

Malware Activity
First: 30.04.2026 14:30 Last: 30.04.2026 14:30 Sources 1

About this happening: The **EtherRAT** malware is being delivered through **malicious MSI installers** and gives attackers **persistent Windows access**, increasing the risk of covert control inside en...

Famous Chollima PromptMink supply-chain campaign targeting Web3 developers

Campaign
First: 29.04.2026 17:43 Last: 29.04.2026 17:43 Sources 1

About this happening: The **PromptMink** campaign is widening **Famous Chollima**'s supply-chain intrusion playbook by pushing **tainted npm packages** into developer environments and stealing secrets....

Prt-scan GitHub pull_request_target supply-chain campaign

Campaign
First: 07.04.2026 00:38 Last: 07.04.2026 00:38 Sources 1

About this happening: The **prt-scan** campaign used **AI-assisted automation** to scale a broad **GitHub supply-chain** operation, increasing risk for repositories configured with `pull_request_target...

TroyDen's Lure Factory GitHub Trojanized package campaign

Campaign
First: 24.03.2026 16:59 Last: 24.03.2026 16:59 Sources 1

About this happening: The **TroyDen's Lure Factory** campaign is distributing **300+ Trojanized GitHub packages**, broadening supply-chain risk for **developers, gamers, and the general public**. One o...

Timeline

  1. 08.09.2025 18:02 · 2 articles

    Google Ads malvertising lures Western European IT firms to fake GitHub downloads

    Initial Disclosure

    Arctic Wolf described a malvertising campaign that uses paid ads on search engines like Google and altered GitHub commit links to steer users searching for tools like GitHub Desktop to a malicious download on gitpage[.]app. The activity has targeted IT and software development companies in Western Europe since at least December 2024, and the first-stage payload is a 128 MB MSI that uses GPU-gated decryption to evade sandboxes before launching VBS and PowerShell steps that add Microsoft Defender exclusions, set scheduled-task persistence, and drop additional payloads.