AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution

    Date: 03/12/2025

    Severity: Medium

    Summary

    AI-assisted fake GitHub repositories are being used to distribute SmartLoader, which in turn delivers Lumma Stealer and other malware. The repositories disguise the malicious payloads as gaming cheats and cracked tools, and their AI-generated content helps them appear legitimate and evade detection. The malware steals sensitive data such as cryptocurrency wallet contents, data from 2FA browser extensions, and PII, enabling identity theft and financial fraud. Users are advised to follow best practices, including downloading software only from official sources and verifying a repository's authenticity before use.

    Indicators of Compromise (IOC) List

    URL/Domain

    pasteflawwed.world


    IP Address

    213.176.73.80

    95.164.53.100

    94.156.114.56

    150.241.105.82


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    userdomainname like "https://github.com/CPSGDPS/Employe-time-tracker/releases/download/v2.0/Software.zip" or url like "https://github.com/CPSGDPS/Employe-time-tracker/releases/download/v2.0/Software.zip" or userdomainname like "pasteflawwed.world" or url like "pasteflawwed.world" or userdomainname like "https://github.com/tamin1111/UNIVERSAL-HWID-SPOOFER/releases/download/v2.0/Software.zip" or url like "https://github.com/tamin1111/UNIVERSAL-HWID-SPOOFER/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/Afjhr/iExplorer-Free/releases/download/v2.0/Software.zip" or url like "https://github.com/Afjhr/iExplorer-Free/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/Aksoo7/SoLBF/releases/download/v1.0/Software.zip" or url like "https://github.com/Aksoo7/SoLBF/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/BashSpiceRB/QuasarRAT-Remote-Access-Tool/releases/download/v2.0/Software.zip" or url like "https://github.com/BashSpiceRB/QuasarRAT-Remote-Access-Tool/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/Communismbelike/Delta-Executor/releases/download/v2.0/Program.zip" or url like "https://github.com/Communismbelike/Delta-Executor/releases/download/v2.0/Program.zip" or userdomainname like "https://github.com/DENYS849/Krnl-Lua-Script-Injector-for-Roblox-Game-Development/releases/download/v1.0/Release.zip" or url like "https://github.com/DENYS849/Krnl-Lua-Script-Injector-for-Roblox-Game-Development/releases/download/v1.0/Release.zip" or userdomainname like "https://github.com/Devansh-2795/Al-Photoshop-2024/releases/download/v2.0/Software.zip" or url like "https://github.com/Devansh-2795/Al-Photoshop-2024/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/Diapiffy/setup/releases/download/v2.0/Software.zip" or url like "https://github.com/Diapiffy/setup/releases/download/v2.0/Software.zip" or userdomainname like 
"https://github.com/Dropeed10/synapse-x-roblox-free/releases/download/v1.0/Software.zip" or url like "https://github.com/Dropeed10/synapse-x-roblox-free/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/EricSRibas/linux-studies/releases/download/v2.0/Software.zip" or url like "https://github.com/EricSRibas/linux-studies/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/Garuadi/Rainbow-S1x-Siege-Cheat/releases/download/v2.0/Software.zip" or url like "https://github.com/Garuadi/Rainbow-S1x-Siege-Cheat/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/ItzGame123/counter-str1ke-2-h4ck/releases/download/v2.0/Software.zip" or url like "https://github.com/ItzGame123/counter-str1ke-2-h4ck/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/JhonlorenzManadeo/fridaDownloader/releases/download/v1.0/Software.zip" or url like "https://github.com/JhonlorenzManadeo/fridaDownloader/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/JhonlorenzManadeo/fridaDownloader/releases/download/v2.0/Software.zip" or url like "https://github.com/JhonlorenzManadeo/fridaDownloader/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/JihuR/Cheat-CS2/releases/download/v2.0/Release_x64.zip" or url like "https://github.com/JihuR/Cheat-CS2/releases/download/v2.0/Release_x64.zip" or userdomainname like "https://github.com/Justanamelessghoul/Atlantis-Executor/releases/download/v2.0/Release_x64.zip" or url like "https://github.com/Justanamelessghoul/Atlantis-Executor/releases/download/v2.0/Release_x64.zip" or userdomainname like "https://github.com/Maratct/Coin-Sniper-Bot/releases/download/v1.0/Software.zip" or url like "https://github.com/Maratct/Coin-Sniper-Bot/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/ONDEXU/Discord-AllinOne-Tool/releases/download/v1.0/Software.zip" or url like 
"https://github.com/ONDEXU/Discord-AllinOne-Tool/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/Proffesional123/FiveM-Spoofer/releases/download/v2.0/Software.zip" or url like "https://github.com/Proffesional123/FiveM-Spoofer/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/SRS-Rahul/Luna-Executor/releases/download/v1.0/Software.zip" or url like "https://github.com/SRS-Rahul/Luna-Executor/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/SingLoveMyself/C2Panel/releases/download/v2.0/Software.zip" or url like "https://github.com/SingLoveMyself/C2Panel/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/TiagoSevero2023/Wondershare-Filmora-Free/releases/download/v2.0/Software.zip" or url like "https://github.com/TiagoSevero2023/Wondershare-Filmora-Free/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/VitorNsousa/moonlight-launcher/releases/download/v1.0/Software.zip" or url like "https://github.com/VitorNsousa/moonlight-launcher/releases/download/v1.0/Software.zip" 

    Detection Query 2

    userdomainname like "https://github.com/Xaviertya/.dotfiles/releases/download/v2.0/Software.zip" or url like "https://github.com/Xaviertya/.dotfiles/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/ZidanQawy/awesome-kde/releases/download/v1.0/Application.zip" or url like "https://github.com/ZidanQawy/awesome-kde/releases/download/v1.0/Application.zip" or userdomainname like "https://github.com/carel566/linux-rootkit/releases/download/v1.0/Software.zip" or url like "https://github.com/carel566/linux-rootkit/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/crispyman1245/BazaarFlipMod/releases/download/v2.0/Software.zip" or url like "https://github.com/crispyman1245/BazaarFlipMod/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/ehsan14123/Wave-Roblox/releases/download/v2.0/Release_x64.zip" or url like "https://github.com/ehsan14123/Wave-Roblox/releases/download/v2.0/Release_x64.zip" or userdomainname like "https://github.com/gamingboy22/Energy-Valorant-Skin-Changer-Hack-Esp-Aimbot-FlickBot/releases/download/v1.0/Release.zip" or url like "https://github.com/gamingboy22/Energy-Valorant-Skin-Changer-Hack-Esp-Aimbot-FlickBot/releases/download/v1.0/Release.zip" or userdomainname like "https://github.com/hylex280/Instagram-Reporter/releases/download/v2.0/Software.zip" or url like "https://github.com/hylex280/Instagram-Reporter/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/jjkj67/IDA-Pro-Keygen-2024/releases/download/v1.0/Software.zip" or url like "https://github.com/jjkj67/IDA-Pro-Keygen-2024/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/krishioer/FiveM-Mod-Menu/releases/download/v2.0/Software.zip" or url like 
"https://github.com/krishioer/FiveM-Mod-Menu/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/levy0157/caddy-defender/releases/download/v2.0/Software.zip" or url like "https://github.com/levy0157/caddy-defender/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/luckee8898/Tenorshare-ReiBoot-Pro-Download/releases/download/v1.0/Application.zip" or url like "https://github.com/luckee8898/Tenorshare-ReiBoot-Pro-Download/releases/download/v1.0/Application.zip" or userdomainname like "https://github.com/mmfazzr06/Grok-3/releases/download/v3.0/Grok.zip" or url like "https://github.com/mmfazzr06/Grok-3/releases/download/v3.0/Grok.zip" or userdomainname like "https://github.com/ne-ted/Free_US_Investment_Agent_System/releases/download/v2.0/Software.zip" or url like "https://github.com/ne-ted/Free_US_Investment_Agent_System/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/pacewiliam/AI-Jailbreaks/releases/download/v2.0/Software.zip" or url like "https://github.com/pacewiliam/AI-Jailbreaks/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/phatcao2910/FBI_Watchdog/releases/download/v2.0/Software.zip" or url like "https://github.com/phatcao2910/FBI_Watchdog/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/rafy35198/JJsploit/releases/download/v1.0/Release.zip" or url like "https://github.com/rafy35198/JJsploit/releases/download/v1.0/Release.zip" or userdomainname like "https://github.com/sangdeptrai20/Exodus-Fake-Balance/releases/download/v2.0/Software.zip" or url like "https://github.com/sangdeptrai20/Exodus-Fake-Balance/releases/download/v2.0/Software.zip" or userdomainname like "https://github.com/sansiwo/zen-focus/releases/download/v1.0/Software.zip" or url like "https://github.com/sansiwo/zen-focus/releases/download/v1.0/Software.zip" or userdomainname like 
"https://github.com/senseiFC/wallet-stealer/releases/download/v1.0/Software.zip" or url like "https://github.com/senseiFC/wallet-stealer/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/sh0uko/ClintonCAT/releases/download/v1.0/Installer.zip" or url like "https://github.com/sh0uko/ClintonCAT/releases/download/v1.0/Installer.zip" or userdomainname like "https://github.com/stcoid1/Grok-3/releases/download/v3.0/Grok.zip" or url like "https://github.com/stcoid1/Grok-3/releases/download/v3.0/Grok.zip" or userdomainname like "https://github.com/toniadrenalin/hack-crypto-wallet/releases/download/v1.0/Application.zip" or url like "https://github.com/toniadrenalin/hack-crypto-wallet/releases/download/v1.0/Application.zip" or userdomainname like "https://github.com/user-attachments/files/18585082/Software.zip" or url like "https://github.com/user-attachments/files/18585082/Software.zip" or userdomainname like "https://github.com/user-attachments/files/18630095/Software.zip" or url like "https://github.com/user-attachments/files/18630095/Software.zip" or userdomainname like "https://github.com/user-attachments/files/18722098/Application.zip" or url like "https://github.com/user-attachments/files/18722098/Application.zip" or userdomainname like "https://github.com/uwuwuwu363/tts-local/releases/download/v1.0/Software.zip" or url like "https://github.com/uwuwuwu363/tts-local/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/vrus67/CrystalTool/releases/download/v1.0/Software.zip" or url like "https://github.com/vrus67/CrystalTool/releases/download/v1.0/Software.zip" or userdomainname like "https://github.com/xuantruong7/IDM-Activation-Script-2025/releases/download/v1.0/Application.zip" or url like "https://github.com/xuantruong7/IDM-Activation-Script-2025/releases/download/v1.0/Application.zip" or userdomainname like "https://github.com/xxsfytd/snoopy/releases/download/v2.0/Software.zip" or url like 
"https://github.com/xxsfytd/snoopy/releases/download/v2.0/Software.zip"

    Detection Query 3

    dstipaddress IN ("213.176.73.80","95.164.53.100","94.156.114.56","150.241.105.82") or ipaddress IN ("213.176.73.80","95.164.53.100","94.156.114.56","150.241.105.82") or publicipaddress IN ("213.176.73.80","95.164.53.100","94.156.114.56","150.241.105.82") or srcipaddress IN ("213.176.73.80","95.164.53.100","94.156.114.56","150.241.105.82")

    Detection Query 4

    sha1hash IN ("cc4d85f11a4dc8e8cbe3f49f758bb8100485bd84","e53598fc0451cf39438f029bb0365dd29013c089","559bcdd9152d76b38b231dc024e66d82ce7db08f","93aa2fe0456b4795ce21cecc7db75068cc2ff159","082b2d602c39488b7220523cc9d9a03f4cff53bc","c36e15f0532569d789ba9fdbfccf6a1bb5ac2c75","fcd528e8775a4827223357ca28e8ee8156005954","43eae0fb588987107a4805ecd1cf5c301263643b","2aed982366efcc32490487c82621ddff6348efa4","e70848f41b597776238ca26c8428133eeeed7408","e1d5c2344d204253932ae0bb57e87927db535394","496f07dfccc038d7090f6ecc273f0505b2b102bf","2a2ef9cd83bdb635bb3da2fe6b6a42c9b0cc657f","0f18746b59f33ca8480475ef91fdd01ea1e3eac4","28b6a72672848e8ee7bbe00c839e899160fed839","813f977b8757587529dd1be5709503d2d7071fb5","5ed50cba806d2079198e0b17385e9166ecdc39cd","4f3fbe9a1c37aa0ee7ed4d4a2feb4e1af7dffa81","5fc426d7f48e00266cead84746504b2067d74e32","f11acd444d07ba4322f2b9c9c95bc1e26a03e617","9953b71fe900614844737a8dba726d2c0dc7ca51","fb7a7cb18055a8fa617c707ee784bd292d8bb0ab","7367ef2b7836682f248bbc97539e9e9e67d92a20","414917635afdd6718840e6e689da773f8865e6a7","c176528eb230cc5b485a528ec0e2bcc9329ec875","ae54422e334e0cbcf839955fbe2986a7d886b894")
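Detection Queries 1 and 2 above search for the advisory's URL and domain IOCs as exact string matches. The script below, an added example that is not Gurucul's or Trend Micro's code, applies the same IOC matching to constructed proxy log lines after normalising the URL (case, query string), and also flags the release-asset naming pattern shared by the listed URLs as a triage heuristic. The IOC values are taken from the advisory; the `example-*` repositories in the sample log are fictitious.

```python
"""Match proxy log lines against this advisory's URL/domain IOCs (what Detection
Queries 1 and 2 search for). Added example; the sample log lines are constructed."""
import re
from urllib.parse import urlsplit

# Three of the advisory's URL IOCs; load the full list in real use.
IOC_URLS = {
    "https://github.com/Afjhr/iExplorer-Free/releases/download/v2.0/Software.zip",
    "https://github.com/JihuR/Cheat-CS2/releases/download/v2.0/Release_x64.zip",
    "https://github.com/user-attachments/files/18585082/Software.zip",
}
IOC_DOMAINS = {"pasteflawwed.world"}

# Shape shared by the listed release URLs: any user/repo, a vN.N tag, and a
# generic asset name. A hunting heuristic for triage, not an IOC by itself.
RELEASE_ASSET_RE = re.compile(
    r"^/[^/]+/[^/]+/releases/download/v\d+\.\d+/"
    r"(Software|Application|Release|Release_x64|Program|Installer)\.zip$"
)

def normalize(url):
    """Lower-case scheme and host, drop query/fragment; returns (url, host)."""
    p = urlsplit(url.strip())
    host = p.netloc.lower()
    return f"{p.scheme.lower()}://{host}{p.path}", host

def classify(url):
    """'ioc' for an exact advisory match, 'suspicious' for the generic
    release-asset pattern on github.com, None otherwise."""
    full, host = normalize(url)
    if full in IOC_URLS or host in IOC_DOMAINS:
        return "ioc"
    if host == "github.com" and RELEASE_ASSET_RE.match(urlsplit(full).path):
        return "suspicious"
    return None

def scan_log(lines):
    """Return [(line_no, verdict, url)] for '<ts> <ip> <method> <url> <status>' lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:  # malformed or CONNECT-style lines carry no URL
            continue
        verdict = classify(parts[3])
        if verdict:
            hits.append((n, verdict, parts[3]))
    return hits

# Constructed sample log; the example-* repositories are fictitious.
SAMPLE_LOG = [
    "2025-03-10T10:01:02Z 10.0.0.5 GET https://github.com/Afjhr/iExplorer-Free/releases/download/v2.0/Software.zip?dl=1 200",
    "2025-03-10T10:02:10Z 10.0.0.6 GET https://PASTEFLAWWED.world/api 200",
    "2025-03-10T10:03:11Z 10.0.0.7 GET https://github.com/example-user/example-tool/releases/download/v1.0/Software.zip 200",
    "2025-03-10T10:04:00Z 10.0.0.8 GET https://github.com/example-org/example-cli/releases/download/v1.4.2/example-cli-linux-amd64.tar.gz 200",
    "2025-03-10T10:05:00Z 10.0.0.9 GET https://github.com/user-attachments/files/18585082/Software.zip 200",
]

if __name__ == "__main__":
    for n, verdict, url in scan_log(SAMPLE_LOG):
        print(f"line {n}: {verdict:10s} {url}")
```

The 'suspicious' verdict will also fire on benign projects that name their release asset Software.zip, so treat it as a prompt to inspect the repository, not as a confirmed match.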

    Reference:

    https://www.trendmicro.com/en_us/research/25/c/ai-assisted-fake-github-repositories.html


    Tags

    Malware, cryptocurrency, Lumma Stealer, GitHub, Data Stealer
