GitHub scam investigation: Thousands of “mods” and “cracks” stealing data
Published on: 2025-07-10 11:27:36
While looking through the articles on a "social engineering" themed forum, I discovered a relatively new scam scheme that shocked me.
People create thousands of GitHub repositories with all sorts of things - from Roblox and Fortnite mods to "cracked" FL Studio and Photoshop.
As soon as you download and launch any of these, all the data from your computer is collected and sent to some Discord server - where hundreds of people crawl through the data searching for crypto wallet private keys, bank accounts and social media credentials, and even Steam and Riot Games accounts.
TL;DR
I found a step-by-step guide to creating these scam repositories, broke it down and eventually found a couple of the repositories potentially created by the guide author. Wrote a script that helped me find 1115 repositories built based on the instructions from the guide.
Less than 10% of them have open issues with complaints - others look just fine.
I collected all of them in a single spreadsheet. Found the
...