Retro gaming fans are the new target for fake GitHub malware
ID: 0a3a91aa-c7e9-5d70-a1b6-a5f31cd47fd0
STIX ID: report--0a3a91aa-c7e9-5d70-a1b6-a5f31cd47fd0
Feed Name: Malwarebytes Blog
A malicious GitHub repository posing as a PS Vita audio plugin (EQVita) distributes a ZIP containing Launch.bat, luajit.exe, and a disguised script (x64.txt) that LuaJIT executes; the script phones home to a C2 (85.137.52.21) and typically pulls down information-stealing malware (SmartLoader/Lumma Stealer). The report includes IOCs (repo URL, GitHub Pages URL, and C2 IP), explains the attack technique and why retro gaming communities are targeted, and provides detection and remediation advice including malware scanning, credential rotation, and using trusted sources.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
