<p>OTX Bot</p>
<p>AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution</p>
<p>A campaign using fake GitHub repositories to distribute SmartLoader and Lumma Stealer malware has been uncovered. The attackers create convincing repositories using AI-generated content to deceive users into downloading malicious files disguised as gaming cheats, cracked software, and system tools. The malware is delivered through obfuscated Lua scripts in ZIP files, exploiting GitHub's trusted reputation to evade detection. Upon execution, SmartLoader facilitates the delivery of Lumma Stealer, which can steal sensitive information like cryptocurrency wallets, 2FA extensions, and login credentials. This campaign demonstrates the evolving tactics of cybercriminals, adapting from using GitHub file attachments to creating entire repositories with AI-assisted deception.</p>
<p>Pulse ID: 67d02fc805ff65bf0f2f46eb<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67d02fc805ff65bf0f2f46eb" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/67d02fc805ff65bf0f2f46eb</a><br>Pulse Author: AlienVault<br>Created: 2025-03-11 12:42:48</p>
<p>Be advised, this data is unverified and should be considered preliminary.
Always do further verification.</p>