Live Cybersecurity News Ticker | Codekeeper

200+ GitHub Repos Caught Spreading Windows Malware in Coordinated Attack

Written by Content Team | Jul 11, 2026 11:11:45 PM

Security firm Socket has uncovered "Operation Muck and Load" — a campaign using 222 GitHub repositories across 190 accounts to distribute Windows malware. Active since January 24, 2026, the threat actor published over 1,200 package versions, 700 of which are malicious.

The attack disguises a Go module as a legitimate DNS scanning tool. Hidden PowerShell code then pulls encrypted payloads from dead-drop platforms including Pastebin, YouTube, Instagram, Telegram, and Google Docs — making it harder to shut down.

Final payloads include AsyncRAT, Quasar RAT, Vidar infostealer, and XMRig cryptominers. GitHub users pulling Go dependencies are directly at risk.

Source: SecurityWeek