AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution

March 11, 2025, 3:23 p.m.

Description

A campaign that uses fake GitHub repositories to distribute the SmartLoader and Lumma Stealer malware has been uncovered. The attackers build convincing repositories from AI-generated content to lure users into downloading malicious files disguised as gaming cheats, cracked software and system tools. The malware is delivered as obfuscated Lua scripts packaged in ZIP archives, trading on GitHub's trusted reputation to evade detection. Once executed, SmartLoader stages the delivery of Lumma Stealer, which harvests cryptocurrency wallet data, 2FA browser extension data and stored login credentials. The campaign shows how the operators' tactics are evolving: from abusing GitHub file attachments to building entire repositories with AI-assisted deception.

Date

  • Created: March 11, 2025, 12:42 p.m.
  • Published: March 11, 2025, 12:42 p.m.
  • Modified: March 11, 2025, 3:23 p.m.

Indicators

  • dadd4646d32ba0987ad11be623c3153b41b6b704f1e551b6ee745fa1d65d0b9d
  • d0cc55166b23aece72dc41c9d38666023f6046a0c562d8096d19555fab0a3e77
  • 8e8173f0411f8c052959503db6d2cdab651ef122847e2fe61758b50f9fb8a649
  • 7d70e6d7d4fa8d888bd46680aa604dd9f56285dc78c429ac8ab8e4d88266651f
  • 5ce83f99eff295ab626b8f6dacc18a34708a30ac9a95fd23067d71b820283a71
  • 5cbf7acce6e1a18aeab14a2209cf60ecb744b0beedc41585f562846e1fc3e212
  • 57d5c2569a10c07529ed7fb18699095a53d9be342f612b8230e39a48312a6281
  • 3a2f83a62307345bbf273a4292f190636e09110162c7f12a51cb98018c17f27a
  • 2cab00e353e8cd6472c889e944e52d25e0656447fa5af3fc1e95c3b3db32067d
  • 95.164.53.100
  • 213.176.73.80
  • 150.241.105.82
  • 94.156.114.56
  • pasteflawwed.world
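The indicators above are most useful when they are actually swept against something. The following script is an added example written for this page and is not code from the report or from the campaign's analysts: it opens a suspect ZIP archive without executing anything in it, hashes every entry against the SHA-256 indicators listed above, flags Lua scripts that show obfuscation patterns, and tokenises proxy or DNS log lines to look for the C2 IPs and domain. The obfuscation heuristics (loadstring/load, string.char and long runs of decimal or hex escapes) and the sample archive and log lines are constructed assumptions for illustration, not observations from the campaign.

```python
"""IOC sweep for the SmartLoader / Lumma Stealer GitHub campaign (added example)."""
import hashlib
import io
import re
import zipfile

# File hashes, C2 IPs and domain taken from the Indicators list on this page.
IOC_SHA256 = {
    "dadd4646d32ba0987ad11be623c3153b41b6b704f1e551b6ee745fa1d65d0b9d",
    "d0cc55166b23aece72dc41c9d38666023f6046a0c562d8096d19555fab0a3e77",
    "8e8173f0411f8c052959503db6d2cdab651ef122847e2fe61758b50f9fb8a649",
    "7d70e6d7d4fa8d888bd46680aa604dd9f56285dc78c429ac8ab8e4d88266651f",
    "5ce83f99eff295ab626b8f6dacc18a34708a30ac9a95fd23067d71b820283a71",
    "5cbf7acce6e1a18aeab14a2209cf60ecb744b0beedc41585f562846e1fc3e212",
    "57d5c2569a10c07529ed7fb18699095a53d9be342f612b8230e39a48312a6281",
    "3a2f83a62307345bbf273a4292f190636e09110162c7f12a51cb98018c17f27a",
    "2cab00e353e8cd6472c889e944e52d25e0656447fa5af3fc1e95c3b3db32067d",
}
IOC_NETWORK = {"95.164.53.100", "213.176.73.80", "150.241.105.82",
               "94.156.114.56", "pasteflawwed.world"}

# Assumed heuristics for obfuscated Lua; these are illustrative, not from the report.
LUA_OBFUSCATION_MARKERS = (
    ("loadstring", re.compile(rb"\bload(?:string)?\s*\(")),
    ("string.char", re.compile(rb"string\.char\s*\(")),
    ("decimal-escapes", re.compile(rb"(?:\\\d{1,3}){8,}")),
    ("hex-escapes", re.compile(rb"(?:\\x[0-9a-fA-F]{2}){8,}")),
)

# Token pattern for log lines: hostnames and dotted IPs, split on ':' '/' '=' etc.
TOKEN_RE = re.compile(r"[A-Za-z0-9.-]+")


def inspect_zip(zip_bytes):
    """Hash and triage every entry of an in-memory ZIP without executing it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            digest = hashlib.sha256(data).hexdigest()
            markers = [name for name, rx in LUA_OBFUSCATION_MARKERS if rx.search(data)]
            findings.append({
                "name": info.filename,
                "sha256": digest,
                "ioc_hash_match": digest in IOC_SHA256,
                "lua_script": info.filename.lower().endswith(".lua"),
                "obfuscation_markers": markers,
            })
    return findings


def escalate(findings):
    """Names of entries worth a closer look: known-bad hash, or Lua with obfuscation."""
    return [f["name"] for f in findings
            if f["ioc_hash_match"] or (f["lua_script"] and f["obfuscation_markers"])]


def scan_log(lines):
    """(line number, indicator) for each log line that carries a C2 IP or domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line):
            if token.lower() in IOC_NETWORK:
                hits.append((n, token.lower()))
    return hits


# Constructed sample archive: a benign README plus a Lua script whose payload is a
# decimal-escaped string handed to loadstring(), the shape the heuristics target.
OBFUSCATED_LUA = (
    b'local s = "\\108\\111\\97\\100\\32\\104\\116\\116\\112\\58\\47\\47"\n'
    b"loadstring(s)()\n"
)


def build_sample_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "Free cheat loader - run payload.lua\n")
        zf.writestr("payload.lua", OBFUSCATED_LUA)
    return buf.getvalue()


# Constructed proxy/DNS lines; the first two touch indicators from this page.
SAMPLE_LOG = [
    "2025-03-11T12:42:10Z proxy CONNECT pasteflawwed.world:443 src=10.0.0.15 action=allow",
    "2025-03-11T12:42:11Z proxy CONNECT 95.164.53.100:443 src=10.0.0.15 action=allow",
    "2025-03-11T12:45:00Z proxy GET github.com/example/repo/archive.zip src=10.0.0.22",
    "2025-03-11T12:46:30Z dns query=updates.example.com src=10.0.0.15",
]

if __name__ == "__main__":
    for f in inspect_zip(build_sample_zip()):
        print(f)
    print("escalate:", escalate(inspect_zip(build_sample_zip())))
    print("log hits:", scan_log(SAMPLE_LOG))
```

The archive is opened read-only and nothing is written to disk, so the script is safe to point at a downloaded ZIP before anyone runs its contents. A hash match is a hard verdict; the Lua heuristics are only a prompt to pull the script into a sandbox, since legitimate Lua tooling also uses `load` and escaped strings.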

Attack Patterns

  • SmartLoader
  • Lumma stealer
  • Water Kurita
  • T1102.002
  • T1059.006
  • T1571
  • T1547.001
  • T1056.001
  • T1555
  • T1573
  • T1204
  • T1027
  • T1041