TechRadar
Sead Fadilpašić

Lumma Stealer malware linked as project fixes in GitHub comments


Cybercriminals have found yet another way to infect software developers with malware - through comments on GitHub projects.

Whenever a developer uploads a project to GitHub, other community members can leave comments below. That way, the wider community can point out flaws and vulnerabilities, and discuss potential improvements, different suggestions, and more.

Someone found a way to leave comments on the platform en masse, and is using the technique to try to trick developers into downloading the Lumma Stealer.

Deleting the comments

As observed by BleepingComputer, there have been thousands of comments, all across the platform, saying pretty much the same thing: “to fix your trouble check this fix, I see it in another issue,” followed by a link from mediafire.com or bit.ly, to a password-protected archive. The archive contains Lumma Stealer, an infamous piece of malware capable of stealing all sorts of sensitive information, from credentials, to cryptocurrency wallet data, to browser information.

It is often distributed through phishing campaigns, malicious attachments, or infected software downloads. In fact, last week security researchers from Mandiant warned that Lumma was being distributed through fake pirated movies online.

Lumma is known for being stealthy, grabbing the files without being spotted by antivirus or antimalware tools. It is offered as a service, for a subscription fee ranging between $250 and $1,000.

Apparently, the crooks left almost 30,000 comments across the platform, and while GitHub’s admins responded by deleting as many comments as possible, some people had already fallen for the trick.
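
The comment pattern described above (near-identical wording posted across many issues, with a link to mediafire.com or bit.ly) can be checked for when triaging a repository's issue comments. The following Python is an added example, not code from the article or from GitHub; the comment record layout, the sample comments and the `min_repeat` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

LURE_HOSTS = {"mediafire.com", "bit.ly"}  # link hosts named in the article
URL_RE = re.compile(r"https?://[^\s)>\]]+", re.I)
LURE_RE = re.compile(r"\bcheck this fix\b", re.I)  # wording quoted in the article

SAMPLE = [  # constructed comments; ids, issue names and URLs are placeholders
    {"id": 1, "issue": "org/a#10", "body": "to fix your trouble check this fix, I see it in another issue https://bit.ly/EXAMPLE1"},
    {"id": 2, "issue": "org/b#22", "body": "To fix your trouble check this fix, i see it in another issue\nhttps://www.mediafire.com/file/EXAMPLE/fix.zip"},
    {"id": 3, "issue": "org/c#7", "body": "to fix your trouble check this fix, I see it in another issue https://bit.ly/EXAMPLE2"},
    {"id": 4, "issue": "org/a#10", "body": "Same crash here on 2.3.1, docs at https://example.org/docs"},
    {"id": 5, "issue": "org/e#9", "body": "Release notes: https://bit.ly/EXAMPLE3"},
]

def link_hosts(body):
    """Return the lure hosts a comment links to (exact host or subdomain only)."""
    found = set()
    for url in URL_RE.findall(body):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL, nothing to match
            continue
        found |= {h for h in LURE_HOSTS if host == h or host.endswith("." + h)}
    return found

def template(body):
    """Reduce a comment to its wording: URLs masked, case and punctuation folded."""
    return " ".join(re.findall(r"[a-z]+|<url>", URL_RE.sub("<url>", body.lower())))

def triage(comments, min_repeat=3):
    """Flag comments linking to a lure host that use the lure wording or repeat across issues."""
    issues = defaultdict(set)
    for c in comments:
        issues[template(c["body"])].add(c["issue"])
    flagged = []
    for c in comments:
        hosts = link_hosts(c["body"])
        reasons = []
        if LURE_RE.search(c["body"]):
            reasons.append("lure-wording")
        if len(issues[template(c["body"])]) >= min_repeat:
            reasons.append("mass-posted")
        if hosts and reasons:
            flagged.append((c["id"], sorted(hosts), reasons))
    return flagged

if __name__ == "__main__": print(triage(SAMPLE))
```

A shortened link on its own (comment 5) is not flagged; a comment is reported only when a link to one of the named hosts coincides with the quoted wording or with the same text repeated across issues.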

GitHub is one of the world’s most popular platforms for software developers who build projects using Git. Last year, the platform reportedly had more than 100 million users, a figure which seems to be growing by the day. As such, GitHub is an extremely popular target for cybercriminals, who are always looking for new ways to sneak malware onto the platform.
