The Curious Case of the Triton Malware Fork
Essential information
- Published
- 19/02/2026 15:26
- Modified
- 19/02/2026 18:13
- Tags
- 2026-02-19 code-hosting fork github macos malware open-source triton triton malware fork windows
- Related entities
- 3 observables, 7 techniques (mitre), 1 malware, 1 others
Description
A malicious fork of the MacOS app Triton was discovered on GitHub, containing Windows-targeted malware disguised as the legitimate application. The attacker modified the repository, redirecting download links to a ZIP file hosting the malware. Analysis revealed sophisticated evasion techniques, anti-analysis features, and potential cryptocurrency functionality. The low detection rate and peculiar implementation suggest either an amateur attempt or a possible AI-generated attack. The incident highlights broader concerns about GitHub's security practices and Microsoft's priorities, prompting a call for developers to consider alternative code hosting platforms that better align with open-source values and user privacy.