#PyStoreRAT

Alert: IT and OSINT professionals targeted by PyStoreRAT backdoor via GitHub. Stay vigilant and verify software sources. #CyberSecurity #PyStoreRAT #GitHub #Infosec Link: thedailytechfeed.com/sophisticate...

PyStoreRAT: New Supply Chain RAT Targets Developers

~Morphisec~
A new modular RAT, PyStoreRAT, targets developers using weaponized GitHub repositories disguised as legitimate tools.
-
IOCs: (None identified)
-
#PyStoreRAT #SupplyChain #ThreatIntel

PyStoreRAT Campaign Uses Fake GitHub Projects to Target OSINT and IT Professionals

Cybersecurity researchers have identified a previously undocumented malware operation that leverages GitHub to distribute a threat known as PyStoreRAT. The campaign primarily targets individuals working in information technology, cybersecurity, and open-source intelligence research, exploiting their reliance on open-source tools.

The findings were published by Morphisec Threat Labs, which described the operation as a coordinated and deliberate effort rather than random malware distribution. The attackers focused on blending into legitimate developer activity, making the threat difficult to detect during its early stages.

PyStoreRAT functions as a Remote Access Trojan, a type of malware that enables attackers to maintain hidden and persistent access to an infected system. Once deployed, it can gather detailed system information, execute commands remotely, and act as a delivery mechanism for additional malicious software.

According to the research, the attackers began by reviving dormant GitHub accounts that had shown no activity for extended periods. These accounts were then used to upload software projects that appeared polished, functional, and credible. Many of the repositories were created with the help of artificial intelligence, allowing them to closely resemble genuine open-source tools. The fake projects included OSINT utilities, decentralized finance trading bots, and AI-based applications such as chatbot wrappers.

Several of these repositories gained visibility and user trust, with some rising through GitHub’s trending rankings. Only after achieving engagement did the attackers introduce subtle updates that quietly embedded the PyStoreRAT backdoor under the guise of routine maintenance.

Once active, PyStoreRAT demonstrates a high degree of adaptability. Morphisec researchers found that it profiles infected systems and can deploy additional payloads, including known data-stealing malware families and Python-based loaders. The malware also modifies its execution behavior when it detects certain endpoint protection products, reducing its exposure to security monitoring.

The threat is not limited to a single delivery method. PyStoreRAT can propagate through removable storage devices such as USB drives and continuously retrieves updated components from its operators. Its command-and-control infrastructure relies on a rotating network of servers, allowing attackers to issue new instructions quickly while complicating takedown efforts.

Researchers also identified non-English language elements within the malware code, including Russian-language terms. While this does not confirm attribution, Morphisec noted that the level of planning and operational maturity places the campaign well beyond low-effort GitHub-based malware activity.

GitHub has removed the majority of the malicious repositories linked to the campaign, though a small number were still accessible at the time of analysis. Security experts stress that developers and researchers should remain cautious when downloading tools, carefully review code changes, and avoid running projects that cannot be independently verified.

Morphisec concluded that the campaign surfaces a vastly growing trend, where attackers combine AI-generated content, social engineering, and resilient cloud infrastructure to bypass traditional security defenses, making awareness and verification more critical than ever.

PyStoreRAT Campaign Uses Fake GitHub Projects to Target OSINT and IT Professionals #GitHub #malware #PyStoreRAT

A new malware campaign is spreading PyStoreRAT via fake GitHub repositories disguised as OSINT and AI tools, targeting developers to steal cryptocurrency wallets and other sensitive data.

⚠️ New malware 'PyStoreRAT' targets developers via fake GitHub repos for OSINT & AI tools. The RAT steals crypto wallets, drops more malware like Rhadamanthys & spreads via USB. Be cautious with open-source tools! 💻 #Malware #GitHub #PyStoreRAT #In...


PyStoreRAT leverages AI-generated GitHub repos to deliver a JavaScript/HTA loader that fingerprints systems, fetches Rhadamanthys, spreads via removable drives and uses rotating C2 nodes (node{i}-py-store). #PyStoreRAT #Rhadamanthys #GitHub https://bit.ly/4aVabAS


Cybercriminals are exploiting GitHub repositories to distribute PyStoreRAT malware, targeting developers with fake OSINT tools. Stay vigilant! #CyberSecurity #Malware #GitHub #PyStoreRAT Link: thedailytechfeed.com/cybercrimina...

New PyStoreRAT Malware Targets OSINT Researchers Through GitHub Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
hackread.com/pystorerat-r...

#Infosec #Security #Cybersecurity #CeptBiro #PyStoreRAT #Malware #OSINTResearchers #GitHub


Watch out OSINT researchers and IT professionals - A new malware called #PyStoreRAT is abusing fake #GitHub projects and AI generated code to infect systems through seemingly legitimate tools.

Read: hackread.com/pystorerat-r...

#CyberSecurity #Malware #OSINT #Infosec #CyberCrime

PyStoreRAT: New Supply Chain Malware on GitHub

~Morphisec~
New PyStoreRAT backdoor spreads via malicious commits to popular AI-generated GitHub projects targeting IT and OSINT pros.
-
IOCs: (None identified)
-
#PyStoreRAT #SupplyChain #ThreatIntel
