
Hackers Impersonate Security Tools to Target Security Professionals
Cybersecurity, Hacking, Malware, GitHub, AI
Attackers are reactivating GitHub accounts that have been dormant for years to give them instant credibility. They fill these accounts with AI-generated "security tools," such as cryptocurrency bots, GPT wrappers, and OSINT utilities, which appear legitimate. Once these repositories gain popularity, the attackers push an update containing PyStoreRAT, a JavaScript/HTA backdoor designed for long-term persistence. The malware profiles the system, deploys the Rhadamanthys stealer to exfiltrate credentials, and spreads via USB drives.