Lumma Stealer malware linked as project fixes in GitHub comments


Cybercriminals have found yet another way to infect software developers with malware - through comments on GitHub projects.

Whenever a developer uploads a project to GitHub, other community members can leave comments below. That way, the wider community can discuss flaws and vulnerabilities, potential improvements, suggestions, and more.

Someone found a way to leave comments on the platform en masse, and is using the technique to try to trick developers into downloading the Lumma Stealer.

Deleting the comments

As observed by BleepingComputer, there have been thousands of comments, all across the platform, saying pretty much the same thing: “to fix your trouble check this fix, I see it in another issue,” followed by a link from mediafire.com or bit.ly, to a password-protected archive. The archive contains Lumma Stealer, an infamous piece of malware capable of stealing all sorts of sensitive information, from credentials, to cryptocurrency wallet data, to browser information.
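
A maintainer triaging issue comments can screen for the pattern described above: the quoted wording together with a link to one of the two named hosts. The Python below is an added example, not code from the article, BleepingComputer or GitHub; the function names, the sample comments and the check for a password mention are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts and wording are the ones quoted in the article; everything else is constructed.
LURE_HOSTS = ("mediafire.com", "bit.ly")
LURE_PHRASES = ("check this fix", "see it in another issue")
URL_RE = re.compile(r"https?://[^\s<>()\[\]\"']+", re.I)

def lure_hosts(body):
    """Return the article-named hosts a comment links to (exact domain or subdomain only)."""
    found = set()
    for url in URL_RE.findall(body):
        host = (urlsplit(url.rstrip(".,;:!?")).hostname or "").lower().rstrip(".")
        for known in LURE_HOSTS:
            if host == known or host.endswith("." + known):
                found.add(known)
    return found

def score_comment(body):
    """List the signals a comment shows: named-host link, lure wording, password mention."""
    text = " ".join(body.lower().split())  # collapse whitespace and case before matching
    reasons = []
    hosts = lure_hosts(body)
    if hosts:
        reasons.append("link:" + ",".join(sorted(hosts)))
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("lure-phrase")
    if re.search(r"\bpassword\b", text):  # assumption: the comment mentions the archive password
        reasons.append("password-hint")
    return reasons

def triage(comments):
    """Return (id, reasons) for comments with a named-host link plus one more signal."""
    flagged = []
    for comment in comments:
        reasons = score_comment(comment["body"])
        if len(reasons) >= 2 and reasons[0].startswith("link:"):
            flagged.append((comment["id"], reasons))
    return flagged

# Constructed sample comments (placeholder links, not real indicators).
SAMPLE = [
    {"id": 1, "body": "to fix your trouble check this fix, I see it in another issue "
                      "https://www.mediafire.com/file/EXAMPLE/fix.zip password: changeme"},
    {"id": 2, "body": "To fix your trouble check this fix,\nI see it in another issue: HTTPS://BIT.LY/EXAMPLE."},
    {"id": 3, "body": "Docs moved, short link: https://bit.ly/EXAMPLE-docs"},
    {"id": 4, "body": "Same crash, check this fix in the PR: https://notbit.ly.example.org/x"},
]
print(triage(SAMPLE))  # comments 1 and 2 are held for review
```

Requiring a second signal alongside the link keeps an ordinary shortened link, such as comment 3, from being held for review.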

It is often distributed through phishing campaigns, malicious attachments, or infected software downloads. In fact, last week security researchers from Mandiant warned that Lumma was being distributed through fake pirated movies online.

Lumma is known for being stealthy, grabbing the files without being spotted by antivirus or antimalware tools. It is offered as a service, for a subscription fee ranging between $250 and $1,000.

Apparently, the crooks left almost 30,000 comments across the platform, and while GitHub’s admins responded by deleting as many comments as possible, some people had already fallen for the trick.

GitHub is one of the world’s most popular platforms for software developers who build projects using Git. Last year, the platform reportedly had more than 100 million users, a figure which seems to be growing by the day. As such, GitHub is an extremely popular target for cybercriminals, who are always looking for new ways to sneak malware onto the platform.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
