
Cybersecurity Researchers Uncover New Threat Actor "Water Curse" Using Compromised GitHub Repositories
Cybersecurity researchers have discovered a new threat actor named Water Curse, which uses compromised GitHub repositories to distribute multi-stage malware. The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems. Trend Micro researchers Jovit Samaniego, Aira Marcelo, and Mohamed have identified 76 GitHub accounts used in this campaign.