AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A campaign using fake GitHub repositories to distribute SmartLoader and Lumma Stealer malware has been uncovered. The attackers create convincing repositories using AI-generated content to deceive users into downloading malicious files disguised as gaming cheats, cracked software, and system tools. The malware is delivered through obfuscated Lua scripts in ZIP files, exploiting GitHub's trusted reputation to evade detection. Upon execution, SmartLoader facilitates the delivery of Lumma Stealer, which can steal sensitive information like cryptocurrency wallets, 2FA extensions, and login credentials. This campaign demonstrates the evolving tactics of cybercriminals, adapting from using GitHub file attachments to creating entire repositories with AI-assisted deception.
OPENCTI LABELS:
social engineering, information theft, lumma stealer, github, ai-generated content, smartloader, obfuscated scripts