- Content source
- https://gbhackers.com/boryptgrab-malware/
Full Story: A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities.
The malware focuses on stealing browser data, cryptocurrency wallet information, and system details, while also grabbing screenshots, common files, Telegram data, Discord tokens, and stored passwords.
Attackers created more than a hundred public GitHub repositories using SEO‑stuffed READMEs so that search engines rank them near legitimate projects.
These repositories advertise items such as “Voicemod Pro download tool,” “Valorant performance boost,” “CS2 skin changers,” and other cracked or cheat‑style tools, often using ZIP filenames with or without “github-io” in their names to appear trustworthy.
When victims follow the README link, they are redirected through GitHub‑hosted pages containing Russian comments and base64/AES‑based URL redirection logic, eventually landing on a fake GitHub download page that dynamically generates a malicious ZIP archive.
BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data