At a glance: An automated attack campaign with over 10,000 manipulated GitHub repositories targets AI agents to steal credentials and cryptocurrency wallet data using the infostealer StealC.
Security researchers have identified over 10,000 fraudulent repositories on GitHub distributing a cryptocurrency-stealing trojan that deploys the infostealer StealC. The attack specifically targets automated AI agents, which often download dependencies without any validation.
Software developer Orchid has documented a large-scale attack campaign on GitHub in which attackers systematically clone newly created repositories, insert malicious code, and manipulate search results on Google and Bing so that the counterfeits rank above the originals. To date, approximately 10,000 such prepared repositories have been identified. The fake projects are updated every few hours to evade automated detection systems. According to Orchid, the repositories come from different accounts, carry different names, and are not forks, but they share a recognizable pattern that made automated identification possible.
Security analysts suspect the campaign primarily targets autonomous AI agents, since automated systems often fetch code components during dependency resolution without verifying them, whereas human developers rarely run executables from questionable sources. The infection chain follows a standardized pattern: the README directs users to download a prepared ZIP archive containing an executable, a Windows command script, a text file, and a Lua library. After extraction, a LuaJIT interpreter launches, evades debugging tools, and resolves the command-and-control server address from a smart contract on the Polygon blockchain (a dead-drop resolver, which lets the operator change the address without touching the repositories). It then loads the infostealer StealC, which steals passwords, crypto wallets, credit card data, browser histories, and credentials for platforms such as Discord and Steam.
Security firm HexaStrike analyzed the malware and found that checking the download link on VirusTotal often yields nothing, because only the ZIP archive itself is detected as malicious, not the URL. GitHub began removing repositories after Orchid published a list of 9,330 malicious instances. However, Orchid criticized that the platform's automated detection does not catch the clones: some were online for over a year, and manual reports in the past often took several weeks before removal. Security analysts at HexaStrike suggest that the matching infrastructure and synchronized updates point to a single actor or a tightly coordinated group.
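Two practical consequences of the findings above are that an agent should inspect what it downloaded before executing anything, and that reputation lookups should be keyed on the artefacts (archive and member hashes) rather than on the download URL. The following Python is an added example written for this article, not code from Orchid, HexaStrike, or the article's source; it inspects a ZIP archive in memory, flags the file mix the article describes (an executable, a Windows command script, a text file, and a Lua library packaged together), and emits SHA-256 hashes for the archive and every member. The suffix lists, the size cap, and the sample archive contents are assumptions for illustration; the sample bytes are constructed placeholders, not real malware.

```python
import hashlib
import io
import os.path
import zipfile

# Heuristic suffix lists (assumption for illustration; tune for your environment).
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com"}
COMMAND_SCRIPT_SUFFIXES = {".cmd", ".bat"}
TEXT_SUFFIXES = {".txt"}
LUA_SUFFIXES = {".lua", ".dll"}          # Lua runtime usually ships as lua*.dll / *.lua
MAX_MEMBER_BYTES = 50 * 1024 * 1024      # refuse to hash oversized members (zip-bomb guard)


def _category(name):
    """Classify a member by its base name; 'lua_library' needs a Lua suffix AND 'lua' in the name."""
    base = os.path.basename(name).lower()
    _, suffix = os.path.splitext(base)
    if suffix in EXECUTABLE_SUFFIXES:
        return "executable"
    if suffix in COMMAND_SCRIPT_SUFFIXES:
        return "command_script"
    if suffix in LUA_SUFFIXES and "lua" in base:
        return "lua_library"
    if suffix in TEXT_SUFFIXES:
        return "text_file"
    return "other"


def inspect_archive(data):
    """Hash a ZIP archive and its members and return a verdict, without extracting anything to disk."""
    report = {
        "archive_sha256": hashlib.sha256(data).hexdigest(),
        "members": [],
        "categories": set(),
        "suspicious": False,
        "reasons": [],
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            category = _category(info.filename)
            report["categories"].add(category)
            entry = {"name": info.filename, "size": info.file_size, "category": category}
            if info.file_size > MAX_MEMBER_BYTES:
                entry["sha256"] = None
                report["reasons"].append(f"{info.filename} exceeds size cap; not hashed")
            else:
                # Stream the member through the hash so the whole file is never held twice.
                h = hashlib.sha256()
                with zf.open(info) as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                entry["sha256"] = h.hexdigest()
            report["members"].append(entry)
    cats = report["categories"]
    if {"executable", "command_script", "lua_library"} <= cats:
        report["suspicious"] = True
        report["reasons"].append(
            "executable + Windows command script + Lua library packaged together")
    elif "executable" in cats:
        report["reasons"].append("archive ships a native executable; review before use")
    return report


def build_sample_archive(malicious=True):
    """Constructed sample data for the demo: placeholder bytes, not a real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            zf.writestr("Launcher.exe", b"MZ placeholder, not a real PE")
            zf.writestr("Start.cmd", b"@echo off\r\nLauncher.exe\r\n")
            zf.writestr("readme.txt", b"run Start.cmd")
            zf.writestr("lua51.dll", b"placeholder bytes")
        else:
            zf.writestr("project/README.md", b"# tool\n")
            zf.writestr("project/main.py", b"print('hi')\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("prepared", build_sample_archive(True)),
                        ("benign", build_sample_archive(False))):
        r = inspect_archive(blob)
        print(label, "suspicious=", r["suspicious"], "sha256=", r["archive_sha256"][:16], r["reasons"])
        for m in r["members"]:
            print("   ", m["category"].ljust(15), (m["sha256"] or "-")[:16], m["name"])
```

The member hashes are what to submit to a reputation service or an allowlist; the article's point is that the URL alone carries no signal, and the archive-level hash changes with every repository refresh, whereas the hashes of the bundled executable and Lua runtime are more stable across clones.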
Source: www.it-daily.net · Published June 23, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.