Infostealer Infections Fuel Malware Campaigns Targeting Artlist and GitHub Repositories

Infostealer Infections Fuel Malware Campaigns Targeting Artlist and GitHub Repositories

First seen 14 Jul 2026, 19:58 UTC Infostealerswww.derp.caBleepingcomputergithub.com 83% similarity 67.5

Article Content

Browse articles
ThreatCluster

In July 2026, researchers uncovered two significant malware campaigns linked to infostealer infections. The first involved a ClickFix campaign on Artlist's blog, where attackers injected malicious code after compromising an employee's credentials obtained through an infostealer infection from a pirated software download in 2023. The second campaign involved nearly 300 fake GitHub repositories impersonating legitimate software to distribute infostealer malware, identified by ArcticWolf starting June 26, 2026. The malware targets sensitive data from web browsers and cryptocurrency wallets, exfiltrating information to a Russia-based command-and-control server. GitHub has since removed many of the malicious repositories, but some redirectors remain active. Both incidents highlight the ongoing threat posed by infostealers and the exploitation of compromised credentials.

Key Points: • A ClickFix campaign on Artlist's blog was fueled by compromised credentials from an infostealer. • Nearly 300 fake GitHub repositories were identified, distributing infostealer malware to users. • The malware targets sensitive data from browsers and cryptocurrency wallets, exfiltrating it to a C2 server.

ThreatCluster AI

Timeline

2023-08-01
Infostealer infection occurs
An Israeli developer downloads pirated software, leading to credential theft from Artlist.
Infostealers
2026-06-26
Fake GitHub repositories identified
ArcticWolf discovers 292 fake repositories impersonating legitimate software to distribute malware.
BleepingComputer
2026-07-14
ClickFix campaign reported
Hudson Rock details how compromised credentials were used in a ClickFix campaign on Artlist's blog.
Infostealers
2026-07-14
GitHub removes malicious repositories
GitHub takes down a significant number of the identified malicious repositories, but some remain active.
BleepingComputer

Community

Browse all →