Login
Israel-Hamas Conflict
World Cup
Benjamin Netanyahu
Social Media
Airstrike
Boxing
Military
War
Donald Trump
Natural Disasters
Immigration
Artificial Intelligence
Soccer
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

100+ Backdoored Malware Repos Traced to Single GitHub User

  • Sophos researchers uncovered a large-scale campaign in 2024-2025 where a developer named ischhfd83 used over 130 GitHub repositories with hidden backdoors.
  • The investigation began after a Sophos client questioned the safety of Sakura RAT, a remote access trojan with a malicious PreBuild event that installs malware during compilation.
  • Ischhfd83 automated thousands of fake commits across multiple accounts to simulate legitimacy, targeting gamers, hackers, students, and cybersecurity researchers with lures like cheats and fake exploits.
  • Executing the compromised code initiates a complex infection sequence involving multiple stages where various malicious components—including info-stealers and remote access trojans like Lumma Stealer, AsyncRAT, along with Remcos—are deployed to perform data exfiltration and enable unauthorized system control.
  • Sophos reported and helped remove most malicious repositories, but the campaign's methods remain popular and may evolve to target other groups beyond novice cybercriminals and gamers.
Insights by Ground AI
Does this summary seem wrong?

10 Articles

All
Left
Center
2
Right
The RegisterThe Register
Center

100+ backdoored malware repos traced to single GitHub user

: Someone went to great lengths to prey on the next generation of cybercrooks

Read Full Article
BleepingComputerBleepingComputer
Center

Hacker targets other hackers and gamers with backdoored GitHub code

A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices.

Read Full Article
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news

Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User

A sophisticated malware distribution campaign has weaponized over 140 GitHub repositories to target inexperienced cybercriminals and gaming cheat users, representing one of the largest documented cases of supply chain attacks on the platform. The repositories, masquerading as legitimate malware tools… Read more → The post Hundreds of GitHub Malware Repos Targeting Novice Cybercriminals Linked to Single User appeared first on IT Security News.

Read Full Article
GBHackers On SecurityGBHackers On Security

Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User

Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer inquiry into the Sakura RAT, a supposed open-source malware touted for its “sophisticated anti-detection capabilities,” the investigation revealed a much broader and more insidious campaign. […] The post Hundreds of …

Read Full Article
PC PerspectivePC Perspective

One Single GitHub User Was Responsible For Over A Hundred Backdoored Malware Repos - PC Perspective

Thanks to the curiosity of a Sophos customer about a specific remote access trojan they read about in the news, 100+ poisoned GitHub repos were not just taken down, but tracked back…

Read Full Article
golem.degolem.de

Golem.de: IT News for Professionals

If you are looking for open source Trojans on Github, you should be careful. The projects often contain a safe backdoor. (Malware, Virus)

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, June 4, 2025.
Sources are mostly out of (0)

Similar News Topics

Cybercrimes

Cybercrimes

Cyber Security

Cyber Security

News
For You
SearchBlindspotLocal