A large and coordinated cyber campaign targeting software developers has been uncovered on GitHub, the world’s most widely used code-hosting platform. Security researchers have identified approximately 10,000 repositories that were actively used to distribute Trojan malware by cloning legitimate open-source projects and tricking users into downloading malicious files. The discovery has raised serious concerns about the abuse of trust within developer communities and the systemic challenges of detecting sophisticated supply-chain threats on code-sharing platforms.
The investigation began when a security researcher noticed a cloned version of their own GitHub repository appearing in search engine results. At first glance, the repository appeared entirely legitimate. Its name, description, commit history, and overall structure closely matched the original project. However, a closer inspection revealed that an additional commit had been introduced into the README file, containing a link to an external ZIP archive that initiates a malware delivery sequence.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The Systematic Overwrite Mechanism
The infrastructure of the repository cloning network relies on a fluid and highly automated distribution pipeline. The entire threat sequence operates across distinct structural phases:
- Wholesale Project Cloning: The attackers copy a legitimate repository completely, preserving every original commit history, line of source code, and verified contributor profile to maximize operational trust.
- README Payload Injection: The clean documentation files are modified to host an external web link directing users to a compromised file download.
- Rotational Commit Refresh: The system dynamically deletes and pushes an identical “Update README.md” commit every few hours, allowing the repository to bypass static safety layers and stay visible on real-time activity feeds.
Researchers found no direct fork relationship between many of these repositories, confirming that the activity was part of a carefully orchestrated campaign designed to deceive developers. While individual files often scanned clean on automated url-checking platforms like VirusTotal, the complete ZIP archive downloaded from the links triggered active alerts.
The payload signature delivers Trojan malware strains, specifically identified as SmartLoader and StealC, to extract data from compromised Windows environments.
GH Archive Event Data Auditing
To assess the massive scale of the campaign, researchers developed a custom script to scan public GitHub event metadata pulled from the global GH Archive. Because scanning every repository individually via standard API requests is restricted by execution limits, the forensic process filtered for repositories displaying anomalous and repetitive commit timelines.
Out of approximately 16 million global commit events reviewed over a compressed five-day window, around 3,000 active repositories initially registered suspicious signatures matching the automated refresh pattern.
After applying refined filters to weed out benign development bots, flag unnatural timestamp distributions, and evaluate contributor diversity metrics, the scale of the campaign escalated heavily. The final audit isolated roughly 10,000 separate repositories operating under the control of the identical automated threat loop.
Expanding Attack Surfaces and Agentic Risk
The investigation noted that many of these malicious repositories had remained online for months without triggering built-in automation blocks, highlighting an institutional defense gap. Security experts emphasize that the threat surface has shifted significantly with the rise of modern AI-powered developer interfaces. Advanced code assistants and agentic workflows autonomously query public code platforms to resolve dependencies, import snippet libraries, and verify code blocks without manual human review.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh warned that cyber criminals are heavily capitalizing on the blanket trust developers and automated workflows place in well-known engineering hubs. He stated that because development agents often trace and download assets based purely on platform appearance or search index position, malicious scripts can quickly bypass traditional project security filters.
Security cells urge engineers to execute ZIP code reviews directly, avoid manual text-link dependencies embedded inside documentation templates, and cross-check historical release tabs to neutralize automated supply-chain exploits.
