Hundreds of GitHub repositories found posing as real software to push malware



  • ArcticWolf discovered 292 malicious GitHub repositories spoofing legitimate tools and products, delivering a new information-stealing variant of BoryptGrab.
  • The malware steals from 19 browsers, 32 crypto wallets, messaging apps, Steam, and Windows Credentials Manager, and uniquely bypasses encryption linked to Chrome apps through code injection.
  • Most repositories have been removed, but some remain active; The popularity of GitHub makes it a prime target, underscoring the need to examine code before using it.

Russian actors have reportedly created hundreds of malicious GitHub repositories posing as legitimate software but acting as a dangerous information thief.

Cybersecurity researchers ArcticWolf discovered the campaign after finding their own counterfeit products as part of the attack.

Leave a Comment

Your email address will not be published. Required fields are marked *