AI-assisted campaign floods GitHub with over 300 malicious repositories

April 13, 20262 min read1 sources
Share:
AI-assisted campaign floods GitHub with over 300 malicious repositories

Cybersecurity firm Checkmarx has uncovered a large-scale software supply chain attack on GitHub, dubbed "RepoStorm." The campaign, active since at least mid-May 2024, has leveraged artificial intelligence to create and promote over 300 malicious repositories designed to trick users into downloading information-stealing malware.

The threat actors created fake repositories that impersonated a wide range of assets, from developer tools and cracked software to cheats for popular games like Roblox, Fortnite, and Grand Theft Auto V. According to the Checkmarx report, AI was likely used to generate convincing repository names, detailed README files, and persuasive descriptions, allowing the campaign to operate at a significant scale. Users searching for these tools were lured into downloading ZIP archives that appeared legitimate.

These archives did not contain the promised software. Instead, they delivered well-known malware payloads, primarily information stealers such as Lumma, Vidar, and RedLine Stealer. Once executed, this malware is designed to harvest sensitive data from a victim's machine, including browser history, saved credentials, cookies, and cryptocurrency wallet information. In some instances, the repositories were also found to distribute Remote Access Trojans (RATs).

The campaign targets a broad audience, from individual developers and gamers to employees who might download these tools on corporate devices, creating a risk of business network compromise. The use of AI to generate plausible content makes it more difficult for users to distinguish malicious repositories from legitimate ones. Following the disclosure from Checkmarx, GitHub has reportedly removed most of the identified malicious repositories. Security professionals advise users to only download software from official, verified sources and to be highly skeptical of repositories offering cheats or pirated applications.

Share:

// SOURCES

// RELATED

Meta settles bellwether lawsuit alleging addictive design harmed student mental health

Meta's confidential settlement with a Washington school district marks a pivotal moment in the massive litigation against social media's psychological

6 min readMay 24

Huawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms network

A sophisticated zero-day attack on Huawei routers allegedly caused Luxembourg's 2023 national telecom outage, raising severe global security concerns.

6 min readMay 23

MiniPlasma Windows 0-day enables SYSTEM privilege escalation on fully patched systems

A newly disclosed 0-day flaw, MiniPlasma, allows attackers to gain full SYSTEM control on patched Windows systems, with a public PoC accelerating risk

6 min readMay 18

The ransomware dilemma: why more than half of security chiefs would pay the price

A new survey reveals 56% of CISOs would consider paying a ransom, highlighting the intense pressure to restore operations despite official guidance.

6 min readMay 16