GitHub is hiding malware disguised as games, legitimate software
Threat actors are targeting children with new campaign
- McAfee researchers find number of malicious GitHub repositories
- The repositories change every week, but always promise game cracks, hacks, or free access to commercial software
- But instead of the cracks, the victims get infected with Lumma Stealer
Cybercriminals are using GitHub to target children with infostealing malware, a new McAfee report has claimed, saying it spotted an ongoing malicious campaign on the popular code repository.
In an analysis, the researchers said they observed many repositories pretending to be game hacks, cracks, or free versions of otherwise commercial software. However, instead of providing these programs, the repositories were actually hosting Lumma Stealer, a known infostealer malware.
“McAfee Labs encountered multiple repositories, offering game hacks for top-selling video games such as Apex Legends, Minecraft, Counter Strike 2.0, Roblox, Valorant, Fortnite, Call of Duty, GTA V and or offering cracked versions of popular software and services, such as Spotify Premium, FL Studio, Adobe Express, SketchUp Pro, Xbox Game Pass, and Discord to name a few,” the researchers said.
Disabling the AV
This “network of repositories”, as McAfee described it, changes its descriptions every week and adds new repositories, since the old ones get flagged and removed by GitHub. The payload, however, always remains the same.
“These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy,” McAfee concluded.
The descriptions also contain instructions on how to download and run the malware, and how to disable any antivirus programs on the computer before running it. The attackers said that antivirus solutions flag these programs as false positives, and that the alerts can safely be ignored.
McAfee says this social engineering technique, combined with the trust GitHub enjoys among its users, works well, and that the campaign infected many users. The researchers did not share any numbers, but stressed that the targets are mostly on the younger side:
“Children are frequently targeted by such scams, as malware authors exploit their interest in game hacks by highlighting potential features and benefits, making it easier to infect more systems.”
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.