securityonline.info 7/17/2026, 10:02:10 AM · external

292 Fake GitHub Repositories Deliver BoryptGrab Infostealer to Windows Users

292 Fake GitHub Repositories Deliver BoryptGrab Infostealer to Windows Users
Developing story vulnerability 33 articles tracked
Fortinet FortiSandbox vulnerabilities exploited in global FortiBleed campaign
CyberSIXT Evidence Panel

TODAY'S critical security alert reveals three active exploits: CVE-2026-58644 related to Microsoft SharePoint, and two CVE entries (CVE-2026-25089 and CVE-2026-39808) concerning Fortinet FortiSandbox command injection vulnerabilities. An unattributed financially motivated threat actor is employing brand-impersonation tactics via fake GitHub repositories to deliver the BoryptGrab infostealer malware. The campaign has resulted in 292 identified counterfeit repositories that lead users to bogus download pages.

The malware features 11 theft modules targeting various credentials, including browser data and cryptocurrency wallets. Infection is executed without touching the disk, enhancing stealth, and data exfiltration occurs to a server linked to Russian hosting. Defense measures include blocking C2 infrastructure and verifying GitHub page authenticity.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline