Bleepingcomputer
Infostealer Infections Fuel Malware Campaigns Targeting Artlist and GitHub Repositories
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In July 2026, researchers uncovered two significant malware campaigns linked to infostealer infections. The first involved a ClickFix campaign on Artlist's blog, where attackers injected malicious code after compromising an employee's credentials obtained through an infostealer infection from a pirated software download in 2023. The second campaign involved nearly 300 fake GitHub repositories impersonating legitimate software to distribute infostealer malware, identified by ArcticWolf starting June 26, 2026. The malware targets sensitive data from web browsers and cryptocurrency wallets, exfiltrating information to a Russia-based command-and-control server. GitHub has since removed many of the malicious repositories, but some redirectors remain active. Both incidents highlight the ongoing threat posed by infostealers and the exploitation of compromised credentials.
Key Points: • A ClickFix campaign on Artlist's blog was fueled by compromised credentials from an infostealer. • Nearly 300 fake GitHub repositories were identified, distributing infostealer malware to users. • The malware targets sensitive data from browsers and cryptocurrency wallets, exfiltrating it to a C2 server.