<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

200+ GitHub Repos Caught Spreading Windows Malware in Coordinated Attack

Discover "Operation Muck and Load": a malware campaign using GitHub repositories to spread Windows threats via hidden payloads.
Content Team

Security firm Socket has uncovered "Operation Muck and Load" — a campaign using 222 GitHub repositories across 190 accounts to distribute Windows malware. Active since January 24, 2026, the threat actor published over 1,200 package versions, 700 of which are malicious.

The attack disguises a Go module as a legitimate DNS scanning tool. Hidden PowerShell code then pulls encrypted payloads from dead-drop platforms including Pastebin, YouTube, Instagram, Telegram, and Google Docs — making it harder to shut down.

Final payloads include AsyncRAT, Quasar RAT, Vidar infostealer, and XMRig cryptominers. GitHub users pulling Go dependencies are directly at risk.

Source: SecurityWeek

Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo