• 2 min read
292 fake GitHub repos pushed a stealthy infostealer
ArcticWolf found 292 GitHub repositories posing as real software to spread a BoryptGrab variant that steals browser, wallet, and app data.

Image: TechRadar
ArcticWolf says it found 292 malicious GitHub repositories posing as legitimate software projects and delivering a new BoryptGrab infostealer variant.
The campaign spoofed a wide range of software, including security products, developer tools, macOS utilities, and games. According to the report, the attackers even impersonated ArcticWolf’s own products. Each repository included a README pointing victims to a download URL.
Once installed, the malware tries to grab data fast rather than stick around. ArcticWolf said the payload can steal information from 19 browsers, including passwords, cookies, and payment data, along with data from 32 cryptocurrency wallets, Telegram, Discord, Steam sessions, credentials for Meta’s Max, and the Windows Credential Manager. It can also exfiltrate files from Desktop and Documents and capture screenshots.

Recommended reading
Google backs 1.8 GW Arkansas solar project
What sets this variant apart from other BoryptGrab samples, according to the researchers, is its ability to bypass Chrome’s App-Bound Encryption by injecting code directly into the browser process.
The malware appears built for smash-and-grab theft, not long-term persistence. TechRadar reports it has no anti-analysis layer, does not meaningfully hide itself, and does not establish persistence, instead attempting to collect as much sensitive data as possible on the first run.
The campaign appears to have started in the final days of June. Most of the malicious repositories have since been removed from GitHub, but BleepingComputer, citing researchers, said several dozen were still active. While the threat actors were not explicitly identified as Russian, the stolen data was reportedly sent to a Russia-based command-and-control infrastructure.
The incident is another reminder of how attractive GitHub has become to attackers. Its central role in the open-source ecosystem means developers need to vet repositories carefully before downloading code or binaries.
Culture Editor
Maya explores gaming, streaming, and the internet as a place where people actually live. From deep-dives into creator economies to the anthropology of digital communities, she tracks platform drama and cultural shifts so you don't have to. She believes the best tech stories are fundamentally about human behavior.
via TechRadar


