A newly identified threat actor, Water Curse, is exploiting GitHub to deliver weaponized repositories containing multistage malware. The group has been linked to at least 76 GitHub accounts, targeting cybersecurity professionals, game developers, and DevOps teams. Their malware enables data exfiltration, remote access, and long-term persistence on infected systems. The attack begins with trojanized open-source tools, progresses through complex infection chains using obfuscated scripts, and culminates in extensive system reconnaissance and data theft. Water Curse employs anti-debugging techniques, privilege escalation methods, and persistence mechanisms to maintain control over affected systems. The campaign poses a significant supply chain risk, especially to those relying on open-source tooling from GitHub.