A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to distinguish from safe software. A dual-component trojan is delivered Netskope threat researchers first discovered a trojanized GitHub repository ostensibly offering a Docker image of the OpenClaw AI assistant. The repo was very convincing. “The README … More → The post GitHub-hosted malware campaign uses split payload to evade detection appeared first on Help Net Security .