{
	"id": "cc6064d4-473e-43ab-ad35-c2a0ee03be1c",
	"created_at": "2026-04-06T00:11:51.620078Z",
	"updated_at": "2026-04-10T13:11:47.525012Z",
	"deleted_at": null,
	"sha1_hash": "c9eed4c19746c117717dfa1c34415341e5bcb93d",
	"title": "AI Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 796015,
	"plain_text": "AI Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution\r\nPublished: 2025-03-11 · Archived: 2026-04-02 12:06:20 UTC\r\nTrend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. These repositories disguise malware as gaming cheats, cracked software, and system tools to deceive users.\r\nThe campaign leverages GitHub’s trusted reputation to evade detection, using AI-generated content to make fake repositories appear legitimate. The malicious ZIP files contain an obfuscated Lua script that runs the harmful payload once the archive is extracted and its launcher is executed.\r\nIf the attack succeeds, threat actors can steal sensitive information such as cryptocurrency wallets, two-factor authentication (2FA) extensions, login credentials, and other personally identifiable information (PII), which can lead to identity theft and financial fraud.\r\nCybercriminals are adapting from using GitHub file attachments to creating entire repositories, incorporating social engineering tactics and AI-assisted deception.\r\nOrganizations and individuals should adopt proactive best practices, such as downloading software only from official sources, verifying repository authenticity, enabling security tools, and educating users on social engineering risks, to mitigate such threats.\r\nCybercriminals are using fake GitHub repositories whose lures make heavy use of AI-generated content to distribute malware, deceiving users with seemingly legitimate tools while evading detection. The Trend Micro Threat Hunting team identified an ongoing campaign that uses these repositories to deploy SmartLoader, which is then used to deliver other malware such as Lumma Stealer, an information stealer distributed under the Malware-as-a-Service (MaaS) model by its creators (which we track as Water Kurita). 
These malicious repositories are disguised as non-malicious tools, including game cheats, cracked software, and cryptocurrency utilities. The campaign entices victims with promises of free or unauthorized functionality, prompting them to download ZIP files (e.g., Release.zip, Software.zip). Upon execution, these files deploy SmartLoader, which ultimately facilitates the delivery of Lumma Stealer.\r\nThe campaign exploits GitHub’s trusted reputation to evade initial detection, using social engineering tactics to target users searching for gaming mods, software cracks, or other tools. This operation highlights how legitimate platforms can be abused for malware distribution, emphasizing the dangers of downloading unverified “gray-area” tools, even from seemingly legitimate sources.\r\nAbusing GitHub for malicious activities\r\nThe use of GitHub for malware distribution is not a new tactic, but it remains a persistent threat because detection on the platform is limited. While earlier campaigns primarily leveraged GitHub for file hosting, threat actors have since evolved their approach. They are now exploiting GitHub’s trusted reputation more aggressively by using generative AI to create convincing fake repositories. As cybercriminals continue to innovate, this strategy is expected to expand, further reinforcing GitHub’s role as a key vector for malware delivery.\r\nhttps://www.trendmicro.com/en_us/research/25/c/ai-assisted-fake-github-repositories.html\r\nPage 1 of 9\r\nOne example of malware propagation via fake GitHub repositories can be seen on X/Twitter. Security researchers frequently tweet about open-source tools that are hosted on GitHub, and threat actors may exploit this by pretending to be researchers themselves. 
This tactic is designed to lure unsuspecting users into downloading malicious and/or fake tools under the guise of legitimacy.\r\nAdditionally, SmartLoader is typically delivered via ZIP files containing obfuscated scripts. The only malicious component within the archive is an obfuscated Lua script, while the remaining files appear benign.\r\nTechnical analysis\r\nInitial lure\r\nThe malware campaign begins with a fake GitHub repository designed to appear legitimate, often mimicking popular tools or software. By exploiting GitHub’s trusted reputation, attackers deceive users into downloading malicious files. The malicious actors use AI to generate convincing README files and documentation, making these repositories appear professional and authentic, and therefore increasing the likelihood that users will trust and install the malicious content.\r\nThe fake repositories stand out because of the formatting of their README content, which appears to be heavily assisted by AI, as exhibited by telltale signs such as excessive emoji usage, unnatural phrasing, a hyperlinked logo, and rigidly structured content. Each repository contains only a README file, and all of its hyperlinks lead to the malicious files, which are deliberately placed in the Releases section, where they are less conspicuous to unsuspecting users.\r\nFigure 1. Examples of fake GitHub repositories\r\nThe primary goal of these repositories is to lure users into unknowingly downloading ZIP files that contain the SmartLoader payload. 
Once extracted, the ZIP file contains four components:\r\nlua51.dll: the LuaJIT runtime library\r\nluajit.exe: the LuaJIT interpreter executable\r\nuserdata.txt: the malicious Lua script, stored behind a .txt extension\r\nLauncher.bat: a batch file that runs luajit.exe with userdata.txt passed as its argument\r\nWhile the executable and DLL files themselves are not malicious, the batch file is specifically designed to launch luajit.exe, which in turn executes the Lua script concealed within userdata.txt. This script is the true malicious payload, responsible for compromising the victim’s system.\r\nSimilarities and differences with previous SmartLoader campaigns\r\nIn October 2024, a blog entry was published analyzing the technique of using malicious Lua scripts alongside other malware components. The research provides a detailed breakdown of the Lua script, including its deobfuscation process and expected behavior.\r\nBelow is a summary of its key findings:\r\nThe malware is distributed through obfuscated Lua scripts embedded in ZIP archives.\r\nA batch file triggers Compiler.exe, which loads lua51.dll and executes the malicious script.\r\nThe loader connects to a command-and-control (C\u0026C) server to receive and execute tasks.\r\nIt uses Prometheus Obfuscator and the ffi library to hinder analysis and protect code integrity.\r\nIt establishes persistence via scheduled tasks while collecting system information.\r\nIt executes commands to evade security defenses, download payloads, and maintain persistence.\r\nIt deploys CypherIT Loader/Crypter and Redline, the latter being a well-known infostealer with a thriving dark web market for stolen credentials.\r\nAdditionally, another report details a related campaign that follows the same strategy, but with Lumma Stealer as the payload. 
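Both archive layouts share one shape: a Lua runtime DLL, an interpreter (luajit.exe here, Compiler.exe in the October 2024 variant), a script hidden behind a harmless extension, and a batch launcher that wires them together. As an added example that is not part of the original report, the following Python script triages a ZIP held in memory for exactly that shape without extracting anything: it looks for lua51.dll, an interpreter, and a .bat or .cmd member that names the interpreter, then reports which other member the launcher hands to it. The sample archives are constructed for this example (placeholder bytes, not real LuaJIT binaries); only the member names and the launcher command mirror the report.

```python
import io
import zipfile

# Member names the report lists for the SmartLoader archive, plus the
# Compiler.exe loader from the October 2024 variant so both layouts match.
LUA_INTERPRETERS = ('luajit.exe', 'compiler.exe')
LUA_RUNTIME = 'lua51.dll'
LAUNCHER_EXTS = ('.bat', '.cmd')


def _basename(member):
    # ZIP member paths use forward slashes; compare on the last component.
    return member.rsplit('/', 1)[-1].lower()


def triage_zip(data):
    # Inspect an archive held in memory and report whether it has the
    # runtime + interpreter + batch launcher shape, and which member each
    # launcher hands to the interpreter. Nothing is written to disk.
    members = {}
    launchers = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                members[_basename(info.filename)] = info
        interpreters = sorted(n for n in members if n in LUA_INTERPRETERS)
        for name, info in members.items():
            if not name.endswith(LAUNCHER_EXTS):
                continue
            text = zf.read(info).decode('latin-1').lower()
            called = [i for i in interpreters if i in text]
            if not called:
                continue
            # Every other member the batch file names is what the
            # interpreter gets fed; a script behind .txt is the tell.
            args = sorted(
                n for n in members
                if n in text and n != name
                and n not in LUA_INTERPRETERS and n != LUA_RUNTIME
            )
            launchers.append({'launcher': name, 'calls': called, 'args': args})
    disguised = sorted(
        a for lnch in launchers for a in lnch['args'] if not a.endswith('.lua')
    )
    return {
        'has_runtime': LUA_RUNTIME in members,
        'interpreters': interpreters,
        'launchers': launchers,
        'disguised_scripts': disguised,
        'match': LUA_RUNTIME in members and bool(interpreters) and bool(launchers),
    }


def build_sample_zip():
    # Constructed stand-in for the Release.zip the report describes. Only
    # the member names and the launcher line mirror the report; the
    # binaries are placeholder bytes, not real LuaJIT files.
    nl = chr(10)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('Release/lua51.dll', b'MZ placeholder')
        zf.writestr('Release/luajit.exe', b'MZ placeholder')
        zf.writestr('Release/userdata.txt', b'placeholder for the obfuscated Lua script')
        zf.writestr('Release/Launcher.bat', '@echo off' + nl + 'luajit.exe userdata.txt' + nl)
    return buf.getvalue()


def build_benign_zip():
    # Constructed control case: a LuaJIT bundle with a plain .lua script
    # and no batch launcher, which should not trip the check.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('lua51.dll', b'MZ placeholder')
        zf.writestr('luajit.exe', b'MZ placeholder')
        zf.writestr('hello.lua', b'print(1)')
    return buf.getvalue()


if __name__ == '__main__':
    for label, blob in (('sample', build_sample_zip()), ('benign', build_benign_zip())):
        print(label, triage_zip(blob))
```

Run it on a release archive before anyone double-clicks Launcher.bat. A hit on disguised_scripts is the strongest signal, since legitimate LuaJIT bundles ship .lua files rather than .txt ones. Archives that embed a compiled loader instead of a batch file will not match, so treat the check as a cheap first pass, not a verdict.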
Both campaigns employ the same techniques and are delivered via SmartLoader.\r\nSimilarities with the October 2024 campaign (fake webpages) include the following:\r\nDelivery infrastructure: Malicious files were hosted on GitHub under user/file-attachments.\r\nLure mechanism: Fake webpages mimicked legitimate software download sites. Clicking the “Download” button triggered malware retrieval from GitHub.\r\nMeanwhile, the present campaign involving fake GitHub repositories has evolved in the following ways:\r\nShift in hosting strategy: Instead of using GitHub file attachments, threat actors now store malicious files in the Releases section of fake repositories.\r\nNew lure mechanism: AI-generated repository README files replaced fake webpages as the primary lure.\r\nEvolving evasion tactics: After the October 2024 campaign was uncovered, threat actors quickly adjusted their tactics to evade detection while continuing to abuse GitHub’s trusted status.\r\nThe operators behind SmartLoader demonstrated their adaptability by shifting from GitHub file attachments to repositories while maintaining their core techniques, such as obfuscated Lua scripts and batch execution chains. This highlights their focus on operational resilience despite growing security scrutiny.\r\nSmartLoader to Lumma Stealer\r\nFigure 2. Attack chain\r\nFigure 2 illustrates the complete attack chain, from the initial lure all the way to payload delivery. It details each stage of the process, highlighting the execution flow from SmartLoader to the LummaStealer payload. Meanwhile, Figure 3 complements this by displaying the corresponding network traffic, captured in Wireshark, from the moment SmartLoader executes until the LummaStealer payload is delivered.\r\nFigure 3. 
Malicious packets for SmartLoader and Lumma Stealer\r\nDuring its routine execution, the loader delivers the LummaStealer malware as its final payload. It retrieves a file from GitHub, saves it as search.exe, and runs it; search.exe in turn drops the files it needs and runs an encrypted AutoIt script hidden inside what appear to be Excel files.\r\nSmartLoader is capable of inflating files upon loading the payload, increasing the file size to approximately 1 GB, a technique commonly used to push a sample past the size limits of scanners and sandboxes.\r\nThe IOC section also includes the hashes for the encoded text files (l.txt and lmd.txt) that are downloaded from the GitHub links below.\r\nFigure 4. SmartLoader retrieves the files \"lmd.txt\" and \"l.txt\" from GitHub, renaming them to \"search.exe\" and \"debug.lua\"\r\nAfter retrieving and executing the downloaded files, it initiates a series of commands that create and execute additional files, setting the stage for the LummaStealer payload. It creates several files in the %TEMP% folder, concatenates them into one batch script, and executes it:\r\ncmd /c copy /bc..\\Entertaining.xls + ..\\Divide.xls + ..\\Providence.xls + ..\\Shakespeare.xls + ..\\Adolescent.xls + ..\\Divided.xls + ..\\Unnecessary.xls + ..\\Karma.xls\r\nIt also performs multiple security software discovery commands via findstr, such as:\r\nfindstr /I \"opssvc wrsa\"\r\nfindstr \"AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth\"\r\nFrom the batch script, it creates another file named “Research.com” in the %TEMP% folder, which is a misnamed AutoIt interpreter. 
Lastly, before reaching out to its C\u0026C server, it launches Microsoft Edge with the remote debugging port open, which exposes the browser’s DevTools protocol to any local process, using this command:\r\n\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --profile-directory=\"Default\" --remote-debugging-port=9222\r\nFinally, LummaStealer reaches out to its C\u0026C server at pasteflawwed[.]world. This communication channel is used to exfiltrate logs and other sensitive information harvested from the infected system.\r\nFigure 5. LummaStealer execution using misnamed AutoIt interpreter and eventually connecting to its C\u0026C domain as seen in Trend Vision One™\r\nCybercriminals can use malware delivered via GitHub to perform highly destructive attacks, especially when combined with advanced threats such as Lumma Stealer, which can gather information from web browsers, compromise cryptocurrency wallets and 2FA extensions, and steal sensitive data such as login credentials, financial information, and other PII. This can leave victims vulnerable to identity theft, financial fraud, and unauthorized access to critical accounts, resulting in severe financial and personal consequences. Furthermore, threat actors can exploit this stolen data even further by selling it to other cybercriminals, further amplifying the risks to victims.\r\nThese attacks highlight how AI-driven cyber threats and sophisticated malware like Lumma Stealer are lowering the barrier for attackers to compromise both personal and professional accounts. As cybercriminals increasingly make use of advanced tools to automate and enhance their attacks, the urgency for stronger cybersecurity measures becomes clear. 
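The command lines in the analysis above form a detection surface that does not depend on file hashes: an interpreter being handed a .txt file, cmd.exe concatenating several .xls pieces with copy /b, findstr probing for security-product process names, a .com file executing from %TEMP%, a browser started with --remote-debugging-port, and a connection to the C2 domain from the hunting query. As an added example that is not part of the original report, the Python below encodes those observations as rules over process-creation events and flags a host only when more than one stage is visible, because any single rule (remote debugging in particular, which developers use legitimately) is too noisy on its own. The event field names (host, image, cmdline, dst) are an assumption, and the sample events are constructed for this example rather than taken from the report.

```python
# Constructed example of chain detection over process-creation events.
# Backslashes and quotes are produced with chr() so the samples carry no
# escape sequences; the rules themselves compare on normalized strings.
BS = chr(92)
Q = chr(34)

# Process names the report shows being probed with findstr, lowercased.
AV_NAMES = ('opssvc', 'wrsa', 'avastui', 'avgui', 'bdservicehost',
            'nswscsvc', 'ekrn', 'sophoshealth')
LUA_LOADERS = ('luajit.exe', 'compiler.exe')
BROWSERS = ('msedge.exe', 'chrome.exe', 'brave.exe')
KNOWN_C2 = ('pasteflawwed.world',)


def _norm(s):
    # Lowercase and use forward slashes so rules never need escaped paths.
    return s.lower().replace(BS, '/')


def match_rules(ev):
    # Return the names of every rule a single process event satisfies.
    image = _norm(ev['image'])
    cmd = _norm(ev['cmdline'])
    exe = image.rsplit('/', 1)[-1]
    hits = []
    if exe in LUA_LOADERS and '.txt' in cmd:
        hits.append('lua_loader_txt')
    if exe == 'cmd.exe' and 'copy /b' in cmd and '+' in cmd and cmd.count('.xls') >= 2:
        hits.append('xls_concat')
    if exe == 'findstr.exe' and any(n in cmd for n in AV_NAMES):
        hits.append('av_discovery')
    if exe.endswith('.com') and '/temp/' in image and not image.startswith('c:/windows/'):
        hits.append('com_in_temp')
    if exe in BROWSERS and '--remote-debugging-port' in cmd:
        hits.append('browser_remote_debug')
    if ev.get('dst', '').lower() in KNOWN_C2:
        hits.append('known_c2')
    return hits


def score_hosts(events, threshold=2):
    # Collect distinct rule hits per host and flag a host only when at
    # least threshold different stages of the chain are visible.
    by_host = {}
    for ev in events:
        for rule in match_rules(ev):
            by_host.setdefault(ev['host'], set()).add(rule)
    return {h: sorted(r) for h, r in by_host.items() if len(r) >= threshold}


def w(path):
    # Windows-style path for the samples.
    return path.replace('/', BS)


EDGE = w('C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe')

# Constructed sample events, not telemetry from the report. ws01 replays
# the chain the analysis describes; ws02 is a developer doing ordinary work.
SAMPLE_EVENTS = [
    {'host': 'ws01', 'image': w('C:/Users/dev/Downloads/Release/luajit.exe'),
     'cmdline': 'luajit.exe userdata.txt'},
    {'host': 'ws01', 'image': w('C:/Windows/System32/cmd.exe'),
     'cmdline': 'cmd /c copy /b ' + w('../Entertaining.xls') + ' + '
                + w('../Divide.xls') + ' + ' + w('../Karma.xls')},
    {'host': 'ws01', 'image': w('C:/Windows/System32/findstr.exe'),
     'cmdline': 'findstr /I ' + Q + 'opssvc wrsa' + Q},
    {'host': 'ws01', 'image': w('C:/Users/dev/AppData/Local/Temp/Research.com'),
     'cmdline': 'Research.com', 'dst': 'pasteflawwed.world'},
    {'host': 'ws01', 'image': EDGE,
     'cmdline': 'msedge.exe --profile-directory=' + Q + 'Default' + Q
                + ' --remote-debugging-port=9222'},
    {'host': 'ws02', 'image': EDGE,
     'cmdline': 'msedge.exe --remote-debugging-port=9222'},
    {'host': 'ws02', 'image': w('C:/Windows/System32/findstr.exe'),
     'cmdline': 'findstr /I error build.log'},
]


if __name__ == '__main__':
    for host, rules in score_hosts(SAMPLE_EVENTS).items():
        print(host, rules)
```

With the default threshold only ws01 is reported, with all six stages; ws02 shows a single remote-debugging hit and stays quiet. Lower the threshold to one when hunting retrospectively, and pair the browser rule with a parent-process check (Edge launched by a .com file or by cmd.exe rather than by the shell) before making it an alert in its own right.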
Implementing robust defenses is crucial to mitigating these rapidly evolving threats.\r\nMitigation and recommendations\r\nTo defend against threats like SmartLoader and similar malware campaigns, individuals and organizations should consider the following best practices:\r\nDownload software only from official sources: Avoid third-party sites, torrents, and repositories that offer free or cracked software.\r\nVerify repository authenticity: Check for legitimate contributors, a real commit history, and signs of AI-generated or suspicious documentation; a repository that consists of a single README whose links all lead to a release archive is a warning sign.\r\nEnable security features: Use endpoint security solutions that detect and block malicious downloads.\r\nAnalyze files before execution: Use sandboxing tools to scan unknown files before running them.\r\nImplement network security controls: Block known malicious GitHub repositories and restrict file downloads from unverified sources.\r\nMonitor for abnormal activity: Use security information and event management (SIEM) tools to detect unauthorized script executions and unusual outbound connections.\r\nEducate employees on social engineering risks: Conduct security awareness training to prevent employees from falling for fake repositories.\r\nEnforce application control policies: Apply measures to prevent execution of unauthorized applications and scripts, including script interpreters such as luajit.exe launched from user-writable directories.\r\nBy following these best practices, both users and enterprises can reduce the risk of falling victim to malware campaigns that exploit trusted platforms like GitHub. 
Cybercriminals will continue to adapt, but a proactive security approach will help mitigate these evolving threats.\r\nProactive security with Trend Vision One™\r\nTrend Vision One™ is an enterprise cybersecurity platform that simplifies security and helps enterprises detect and stop threats faster by consolidating multiple security capabilities, enabling greater command of the enterprise’s attack surface, and providing complete visibility into its cyber risk posture. The cloud-based platform leverages AI and threat intelligence from 250 million sensors and 16 threat research centers around the globe to provide comprehensive risk insights, earlier threat detection, and automated risk and threat response options in a single solution.\r\nTrend Micro™ Threat Intelligence\r\nTo stay ahead of evolving threats, Trend Vision One customers can access a range of Intelligence Reports and Trend Vision One™ Threat Insights. These help customers stay ahead of cyber threats before they happen and allow them to prepare for emerging threats by offering comprehensive information on threat actors, their malicious activities, and their techniques. 
By leveraging this intelligence, customers can take proactive steps to protect their environments, mitigate risks, and effectively respond to threats.\r\nTrend Vision One Intelligence Reports App [IOC Sweeping]\r\nFrom SmartLoader to LummaStealer: AI-Generated fake GitHub repositories delivering malware\r\nThreat Insights App\r\nThreat Actors: Water Kurita\r\nEmerging Threats: From SmartLoader to LummaStealer: AI-Generated fake GitHub repositories delivering malware\r\nHunting queries\r\nTrend Vision One Search App\r\nTrend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post using data within their environment.\r\nLummaStealer connection to C\u0026C server\r\neventSubId:301 AND processFilePath:Research.com AND hostName:pasteflawwed.world\r\nMore hunting queries are available for Trend Vision One customers with Threat Insights entitlement enabled.\r\nConclusion\r\nThe ongoing campaign using fake GitHub repositories to distribute SmartLoader and Lumma Stealer highlights the evolving tactics of cybercriminals. By abusing GitHub’s trusted reputation, attackers can use social engineering techniques and AI-generated content to lure victims into downloading malicious files. The shift from traditional GitHub file attachments to full repositories demonstrates their adaptability in evading detection and maintaining operational resilience.\r\nAs cyber threats continue to evolve, organizations and individual users must remain vigilant against such deceptive tactics. 
This campaign underscores the importance of verifying software sources, especially when dealing with open-source platforms.\r\nIndicators of compromise\r\nThe indicators of compromise for this entry can be found here.\r\nSource: https://www.trendmicro.com/en_us/research/25/c/ai-assisted-fake-github-repositories.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.trendmicro.com/en_us/research/25/c/ai-assisted-fake-github-repositories.html"
	],
	"report_names": [
		"ai-assisted-fake-github-repositories.html"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "5be99bea-0f77-492b-be61-e7cc225bbff4",
			"created_at": "2026-03-08T02:00:03.473966Z",
			"updated_at": "2026-04-10T02:00:03.983164Z",
			"deleted_at": null,
			"main_name": "Water Kurita",
			"aliases": [],
			"source_name": "MISPGALAXY:Water Kurita",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "20c759c2-cd02-45bb-85c6-41bde9e6a7cf",
			"created_at": "2024-01-18T02:02:34.189827Z",
			"updated_at": "2026-04-10T02:00:04.721082Z",
			"deleted_at": null,
			"main_name": "HomeLand Justice",
			"aliases": [
				"Banished Kitten",
				"Karma",
				"Red Sandstorm",
				"Storm-0842",
				"Void Manticore"
			],
			"source_name": "ETDA:HomeLand Justice",
			"tools": [
				"BABYWIPER",
				"BiBi Wiper",
				"BiBi-Linux Wiper",
				"BiBi-Windows Wiper",
				"Cl Wiper",
				"LowEraser",
				"No-Justice Wiper",
				"Plink",
				"PuTTY Link",
				"RevSocks",
				"W2K Res Kit"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434311,
	"ts_updated_at": 1775826707,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c9eed4c19746c117717dfa1c34415341e5bcb93d.pdf",
		"text": "https://archive.orkl.eu/c9eed4c19746c117717dfa1c34415341e5bcb93d.txt",
		"img": "https://archive.orkl.eu/c9eed4c19746c117717dfa1c34415341e5bcb93d.jpg"
	}
}