
AI-Assisted Campaign Distributes Malicious Packages via GitHub
An AI-assisted campaign has distributed over 300 malicious packages via GitHub, including a trojanized repository named "OpenClaw Deployer" that impersonates legitimate software. The poisoned assets target developers and gamers, delivering malware through tools, cheats, and other popular downloads. No specific dates, CVE IDs, or technical indicators (e.g., payload hashes) were disclosed in the report. The attack leverages social engineering to trick users into downloading and executing the compromised packages. The exact scope of infections or impacted organizations remains unconfirmed. The campaign highlights the growing use of AI to scale supply-chain attacks on open-source platforms.