Hackers and Gamers Fall Victim to Backdoored GitHub Repositories

A hacker has planted backdoors in more than 130 GitHub repositories. Security researchers found malicious code hidden in cheat tools and exploit kits. These tools targeted gamers and aspiring hackers. Investigators traced the operation to a single threat actor.
Malicious Repositories Fool Niche Users
Security experts discovered over 140 infected GitHub repositories. Out of these, 133 contained working backdoor scripts. These repos mainly targeted users searching for game cheats or hacking tools. The attacker made the repos look safe and frequently updated.
Fake updates and automated commits helped create an illusion of active development. In fact, the attacker pushed nearly 60,000 commits in just a few months to seem credible.
Repository Infection Method Explained
The backdoors often used PreBuildEvent scripts. These scripts executed during code compilation in Visual Studio. As soon as users compiled the code, the scripts downloaded malware. This included trojans, remote access tools (RATs), and password stealers.
Some repos used obfuscated Python or JavaScript code. Others disguised malware as screensaver files. These files silently delivered payloads like AsyncRAT and Lumma Stealer, which can steal credentials and sensitive user data.
Tricking the Community
The attacker posed as a legitimate developer. Many of the infected repos appeared as cheat engines or exploit builders. These types of projects attract young coders and gamers. Experts warn that even experienced users might fall for such deception.
The campaign used automated activity to appear genuine. It also spread through platforms like Discord, YouTube, and hacking forums. These channels helped draw in victims who were less cautious.
Safety Tips for Repository Users
Cybersecurity researchers urge users to verify all open-source code before use. They advise checking build scripts carefully. Avoid running unfamiliar code on your primary machine.
Experts recommend using sandboxed environments or virtual machines to test any suspicious tools. Users should pay attention to projects with excessive commits or unusual automation patterns.
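One way to carry out the build-script check described above, as an added example that is not from the researchers or the original article: a Python scanner that lists every command a Visual Studio project file would run at build time, before the project is ever opened or compiled. The hook names other than PreBuildEvent, the keyword list, and the sample project are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Build hooks that run commands at compile time. PreBuildEvent is the one named
# in the article; the others are assumptions about where else to look.
HOOKS = {"PreBuildEvent", "PostBuildEvent", "PreLinkEvent"}
# Heuristic tokens (assumption, tune for your environment): script hosts,
# downloaders, encoded arguments, remote URLs.
SUSPICIOUS = re.compile(
    r"powershell|pwsh|cmd(\.exe)?\s*/c|wscript|cscript|mshta|curl|certutil|"
    r"bitsadmin|-enc|base64|https?://", re.I)

def local(tag):
    """Strip the MSBuild XML namespace: '{ns}PreBuildEvent' -> 'PreBuildEvent'."""
    return tag.rsplit("}", 1)[-1]

def audit_project(xml_text):
    """Return (hook, command, suspicious) for every build-time command found."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name in HOOKS:
            # .csproj keeps the command as element text; .vcxproj nests <Command>.
            cmd = " ".join(t.strip() for t in el.itertext() if t.strip())
        elif name == "Exec":
            cmd = el.get("Command", "")
        else:
            continue
        if cmd:  # empty hooks are common in templates and are skipped
            findings.append((name, cmd, bool(SUSPICIOUS.search(cmd))))
    return findings

# Constructed sample project file (not taken from any real repository).
SAMPLE = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>powershell -NoProfile -EncodedCommand CONSTRUCTED_PLACEHOLDER</PreBuildEvent>
    <PostBuildEvent>copy "$(TargetPath)" "$(SolutionDir)out"</PostBuildEvent>
  </PropertyGroup>
  <Target Name="AfterBuild">
    <Exec Command="echo build finished" />
  </Target>
</Project>"""

if __name__ == "__main__":
    for hook, cmd, bad in audit_project(SAMPLE):
        print(("REVIEW " if bad else "ok     ") + hook + ": " + cmd)
```

A flagged command is a prompt for manual review, not a verdict, and a clean result says nothing about obfuscated Python or JavaScript elsewhere in the repository.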
Growing Threat to Open Source
This incident highlights rising threats in the open-source ecosystem. GitHub, while powerful, has become a target for malware distribution. Attackers exploit trust in the platform to trick users into downloading malicious code.
Security analysts emphasize the need for code auditing. Even tools meant for fun can hide serious risks. Caution and scrutiny are now more important than ever.