Fake software on GitHub and SourceForge distribute Deno RAT
ID: f2410b2f-78a5-5007-ac6f-8e132c12c792
STIX ID: report--f2410b2f-78a5-5007-ac6f-8e132c12c792
Feed Name: Malwarebytes Blog
This report details an active campaign in which attackers host fake installers and plugins on GitHub and SourceForge, promoted via compromised YouTube channels, to install Deno and deploy the DinDoor backdoor and a Deno-based RAT capable of full remote control, credential and crypto-wallet theft, and peer-to-peer screen streaming via a hidden Edge instance. The analysis includes infection chains, persistence mechanisms, network C2 endpoints, capabilities, and a list of URL, domain, and IP IOCs.
