Fake Apps on GitHub Spread Malware
TL;DR: Attackers are using GitHub and SourceForge to distribute malware disguised as popular software like ChatGPT and Claude. Compromised YouTube channels promote these fake installers, which deploy a Deno-based backdoor called DinDoor that installs additional remote access trojans on infected systems.
Key facts
- Category: Cybersecurity
- Impact: High
- Published
- Source: Malwarebytes Labs
Full summary
Fake installers for apps like ChatGPT on GitHub and SourceForge are being used to distribute a stealthy Deno-based backdoor.
A new malware campaign is using trusted developer platforms GitHub and SourceForge to distribute a backdoor. Attackers are creating fake installers and plugins that impersonate popular software, including AI tools like ChatGPT and Claude, as well as creative applications such as AutoTune and Kontakt. These malicious files are promoted through compromised YouTube channels, which direct unsuspecting users to the download pages. When a user installs the fake software, it deploys a backdoor known as DinDoor. This initial payload is designed to establish a foothold on the victim's system and then download and execute additional malware.
This campaign is significant because it abuses the trust users place in platforms like GitHub and SourceForge, making the malicious downloads appear legitimate. The use of the Deno runtime for the backdoor is a notable evasion tactic, as it may not be detected by security software focused on more common malware environments. The ultimate goal of the DinDoor backdoor is to install further malicious payloads, including stealthy remote access trojans (RATs). This gives attackers persistent control over the infected machine, allowing them to steal data, monitor activity, and use the system for other malicious purposes. The wide range of impersonated software targets developers, security professionals, and general business users alike.
Why it matters
The campaign abuses trusted developer platforms like GitHub and uses a novel Deno-based backdoor, which may evade traditional security tools. It targets a broad audience by impersonating popular software, increasing the risk of infection.
Business impact
Infected systems can lead to data theft, corporate espionage, and financial loss. The use of trusted platforms for distribution increases the risk of employees inadvertently downloading malware, bypassing corporate security policies and compromising network integrity.
Primary source: Malwarebytes Labs
