Hey there, tech enthusiasts! Today, let’s dive into a sneaky way bad actors are spreading malicious software using a popular platform.

Researchers discovered that hackers are using public GitHub accounts to distribute harmful programs. This method is clever because GitHub often bypasses traditional security filters, making detection tricky.

The campaign started back in February and involved known malware loaders called Emmenhtal and PeakLight. These loaders, previously identified in other cyberattacks, were now being spread through GitHub repositories.

Interestingly, instead of relying on simple downloads, the attackers used GitHub to host disguised files—like MP4s and Python scripts—making it harder for defenses to spot malicious activity. Once a device is infected, the malware can download additional payloads, such as Amadey, which is designed to gather system info and fetch more malware based on specific targets.

This operation isn’t just about one attack—it’s part of a larger malware-as-a-service setup, where different groups can buy or sell access to malware infrastructure. The attackers can deliver a variety of harmful software from a single GitHub-based platform, showing how sophisticated and flexible these malicious networks have become.

Stay vigilant and remember: even legitimate platforms like GitHub can be exploited by cybercriminals. Always keep your security software updated and be cautious when opening files from untrusted sources.