logo

Retro gaming fans are the new target for fake GitHub malware

ID: 0a3a91aa-c7e9-5d70-a1b6-a5f31cd47fd0

STIX ID: report--0a3a91aa-c7e9-5d70-a1b6-a5f31cd47fd0

Feed Name: Malwarebytes Blog

Threat Score
65/100

Date Published: 2026-06-18

Date Updated: 2026-06-18

...
...

A malicious GitHub repository posing as a PS Vita audio plugin (EQVita) distributes a ZIP containing Launch.bat, luajit.exe, and a disguised script (x64.txt) that LuaJIT executes; the script phones home to a C2 (85.137.52.21) and typically pulls down information-stealing malware (SmartLoader/Lumma Stealer). The report includes IOCs (repo URL, GitHub Pages URL, and C2 IP), explains the attack technique and why retro gaming communities are targeted, and provides detection and remediation advice including malware scanning, credential rotation, and using trusted sources.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.