AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution www.trendmicro.com/en_us/res…
Trend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. These repositories disguise malware as gaming cheats, cracked software, and system tools to deceive users.
The campaign leverages GitHub’s trusted reputation to evade detection, using AI-generated content to make fake repositories appear legitimate. Malicious ZIP files contain obfuscated Lua scripts that execute harmful payloads upon extraction.
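The report describes the delivery artifact as a ZIP archive carrying obfuscated Lua scripts. The following added example, written for this summary and not code from Trend Micro or the campaign, shows a defender-side triage check: it lists every entry of an archive in memory (nothing is extracted to disk), and scores each Lua file on indicators commonly associated with obfuscation. The thresholds, the regular expressions, the `score_lua`/`triage_zip` function names and the two sample archives are all assumptions constructed for the demo; the report does not specify what the real scripts look like, so the heuristics should be tuned against your own samples.

```python
"""Triage ZIP archives for obfuscated Lua scripts (assumed heuristics, constructed samples)."""
import io
import math
import re
import zipfile

# Constructed thresholds for illustration only; tune them against samples you trust.
LONG_LINE = 400           # bytes in a single line, typical of minified/packed code
MIN_ESCAPES = 50          # \xNN or \NNN byte-escape sequences hiding a string payload
DYNAMIC_CALLS = re.compile(rb"\b(?:load|loadstring|string\.char|string\.byte|string\.rep)\b")
ESCAPES = re.compile(rb"\\(?:x[0-9A-Fa-f]{2}|[0-9]{1,3})")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encoded blobs sit well above plain source."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def score_lua(text: bytes) -> dict:
    """Return obfuscation indicators for one Lua source file."""
    lines = text.splitlines()
    longest = max((len(line) for line in lines), default=0)
    indicators = {
        "longest_line": longest,
        "escape_sequences": len(ESCAPES.findall(text)),
        "dynamic_calls": len(DYNAMIC_CALLS.findall(text)),
        "entropy": round(shannon_entropy(text), 2),
    }
    # Flag when the script both builds code at runtime and hides it (escapes or giant lines).
    hidden = indicators["escape_sequences"] >= MIN_ESCAPES or longest >= LONG_LINE
    indicators["obfuscated"] = indicators["dynamic_calls"] > 0 and hidden
    return indicators


def triage_zip(zip_bytes: bytes) -> dict:
    """Inspect every entry in memory; return a verdict plus per-Lua-file indicators."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(".lua"):
                findings[info.filename] = score_lua(zf.read(info.filename))
    verdict = "suspicious" if any(f["obfuscated"] for f in findings.values()) else "clean"
    return {"verdict": verdict, "lua_files": findings}


def build_zip(entries: dict) -> bytes:
    """Build a constructed sample archive in memory (demo data, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a plain config script versus one that decodes and loads code at runtime.
BENIGN_ZIP = build_zip({
    "README.md": b"# tool\n",
    "config.lua": b"local cfg = { fps = 60, vsync = true }\nreturn cfg\n",
})
_payload = b"".join(b"\\%d" % (i % 200 + 32) for i in range(120))   # 120 byte escapes
SUSPECT_ZIP = build_zip({
    "README.md": b"# cheat\n",
    "init.lua": b'local s = "' + _payload + b'"\nload(s)()\n',
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ZIP), ("suspect", SUSPECT_ZIP)):
        print(label, triage_zip(blob))
```

Reading the archive through `zipfile` rather than extracting it keeps the check safe to run on untrusted downloads, and scoring on the combination of a dynamic-load call with hidden content (rather than either alone) keeps ordinary add-on scripts from tripping the rule.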
If the attack succeeds, threat actors can steal sensitive information like cryptocurrency wallets, two-factor authentication (2FA) extensions, login credentials, and other personally identifiable information (PII) that can potentially lead to identity theft and financial fraud.
Cybercriminals are adapting from using GitHub file attachments to creating entire repositories, incorporating social engineering tactics and AI-assisted deception.