GitHub’s Dark Side: Unveiling Malware Disguised as Cracks, Hacks, and Crypto Tools
ID: b1bd61cd-b063-52aa-9cce-1efac597aeb9
STIX ID: report--b1bd61cd-b063-52aa-9cce-1efac597aeb9
Feed Name: McAfee Labs Blog
McAfee Labs discovered a network of GitHub repositories and associated YouTube links that socially engineer users—particularly children—into downloading game cheats and cracked software which are actually Lumma Stealer variants (and other malware). The report describes the infection chain, technical behavior (searching browsers, harvesting credentials and crypto wallets, connecting to C2 servers), detection/mitigation steps, and provides a list of IoCs including repository URLs, executable hashes, and C2 IP addresses.
