repositories

Tech Optimizer
July 15, 2026
Cybersecurity firm ArcticWolf has identified 292 malicious GitHub repositories that impersonate legitimate software tools, part of a campaign to deliver a new variant of the BoryptGrab infostealer. This malware can extract sensitive information from 19 web browsers, 32 cryptocurrency wallets, messaging applications like Telegram and Discord, gaming platforms such as Steam, and Windows Credential Manager. It can also exfiltrate files from users' Desktop and Documents folders and capture screenshots. This variant bypasses Chrome’s App-Bound Encryption using direct code injection and does not include an anti-analysis layer or conceal itself, aiming to harvest data quickly without persistence. The malicious activity began in late June, with most repositories removed from GitHub, though several dozen remain active. GitHub's status as a key platform in the open-source community makes it a target for cybercriminals, emphasizing the need for developers to thoroughly vet code before integration.
Search