Hackers Use Fake GitHub Desktop Apps to Spread Malware Through Malicious Ads

Beware of fake GitHub Desktop downloads: a malvertising campaign installs malware by exploiting GitHub's reputation. Stay safe with our insights.
Content Team

Cybercriminals are running a sophisticated malvertising campaign that tricks users into downloading fake GitHub Desktop clients loaded with malware. The attackers exploit GitHub's trusted reputation by creating compromised repositories with hidden malicious code that appears legitimate.

When users search for GitHub Desktop and click one of the malicious ads, they're redirected to these fake repositories. Once downloaded, the malware performs extensive system reconnaissance, collecting operating system details and network configurations before connecting to command servers.

The campaign uses advanced evasion techniques, including PowerShell payloads that deploy the NetSupport Remote Access Trojan and AutoIt interpreters disguised as COM files. Unit 42 researchers discovered the threat through behavioral analysis of suspicious repository activities.

Source: Cybersecurity News
