
Massive GitHub Campaign Spreads Trojan Through 300+ Fake AI Tool Packages

Uncover "TroyDen's Lure Factory," a malware campaign using fake GitHub packages to target developers and gamers with sophisticated tactics.
Content Team

Cybercriminals are running a sophisticated campaign called "TroyDen's Lure Factory" that spreads malware through over 300 fake GitHub packages targeting developers and gamers. The attack centers on a bogus OpenClaw Docker deployer but includes various lures like game cheats, crypto bots, and VPN crackers.

The malware uses a clever two-part design: a renamed Lua runtime and an encrypted script, each of which evades detection when analyzed on its own. Once both components run together, it takes screenshots, steals credentials, and sends data to servers in Frankfurt.

Netskope researchers discovered the campaign in March and notified GitHub, though some malicious repositories remain active. The attackers appear to use AI assistance, evidenced by systematically generated package names using obscure scientific terminology.

Source: Dark Reading
