Cloned, Loaded, and Stolen: How 109 Fake GitHub Repositories Delivered SmartLoader and StealC
Executive Summary After someone impersonated one of our recent projects, PyrsistenceSniper, on GitHub, we uncovered a broader malware distribution campaign built around cloned open source repositories. The operator copies legitimate projects, republishes them under different accounts, strips the README of its technical content, and replaces it with prominent download buttons. Those buttons point to ZIP files […]
Reddit TradingView Lures Leading to Vidar and AMOS Stealers
While handling recent stealer infections, we traced the initial compromise back to Reddit. A threat actor had been operating across several subreddits, some hijacked from legitimate communities and others purpose-built, using a mix of compromised and freshly created Reddit accounts to push malicious software disguised as cracked TradingView Premium builds. Based on overlapping language patterns, […]