Multiple reports say hundreds of GitHub repositories are being used to impersonate legitimate software and security projects in order to distribute malware. The activity involves repositories that present themselves as real tools but are designed to deliver “infostealer” payloads, which aim to extract sensitive information from victims’ devices. According to the reporting, the malware is intended to collect credentials such as passwords, along with other data including cryptocurrency-related information.

Both outlets describe the scale of the operation as large, with figures near the “hundreds” range—one report cites nearly 300 repositories—suggesting a coordinated effort to increase the likelihood that users will install or interact with malicious packages. The repositories are presented as credible projects, potentially relying on names, descriptions, or apparent repository structure to appear authentic.

The reporting does not detail attribution beyond describing the threat actor’s behavior, but it emphasizes the impersonation technique and the focus on credential and data theft. The key point across sources is that the repositories are not legitimate software, despite their appearance on GitHub.