Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project
Essential information
- Published: 13/08/2025 15:43
- Modified: 13/08/2025 15:48
- Tags: 2025-08-13 c2 game cheats github infostealer luascript lumma stealer obfuscation persistence redline rhadamanthys smartloader software-cracks
- Related entities: 11 observables, 14 techniques (mitre), 4 malware
Description
A massive distribution of SmartLoader malware has been discovered through GitHub repositories masquerading as legitimate projects. These repositories focus on topics like game cheats, software cracks, and automation tools to attract users. The malware is distributed via compressed files containing a legitimate Lua loader executable, a malicious batch file, and an obfuscated Lua script. Once executed, SmartLoader establishes persistence, sends system information to a C2 server, and downloads additional payloads. The malware has been observed downloading InfoStealer malware such as Rhadamanthys, Redline, and Lumma Stealer. Users are advised to download software only from official sources and to carefully verify the credibility of GitHub repositories before use.
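The description above gives defenders a concrete file-level pattern to look for: an archive that bundles a legitimate Lua runtime executable, a batch launcher and an obfuscated Lua script. The following Python is an added example written for this page, not code from the advisory or from any vendor tool; it implements a triage heuristic over ZIP archives that flags that triad and adds a crude obfuscation indicator (a single very long line in the Lua script). The file names, archive contents and the 500-character line threshold are all constructed assumptions for the example, and the heuristic is meant as a starting point for mail-gateway or download-scanning rules, not as a definitive detection.

```python
import io
import os
import zipfile
from dataclasses import dataclass, field
from typing import Dict, List

# Roles in the bundle the advisory describes (extension sets are an assumption).
EXECUTABLE_EXTS = {".exe"}
LAUNCHER_EXTS = {".bat", ".cmd"}
SCRIPT_EXTS = {".lua"}
# Crude obfuscation indicator: one line longer than this is unusual in hand-written Lua.
LONG_LINE_THRESHOLD = 500


@dataclass
class ArchiveVerdict:
    suspicious: bool
    executables: List[str] = field(default_factory=list)
    launchers: List[str] = field(default_factory=list)
    scripts: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def _ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def looks_obfuscated(script: bytes) -> bool:
    """Heuristic only: flag a Lua script containing a very long single line."""
    return any(len(line) > LONG_LINE_THRESHOLD for line in script.splitlines())


def inspect_archive(data: bytes) -> ArchiveVerdict:
    """Classify archive members by role and flag the exe + batch + Lua bundle."""
    verdict = ArchiveVerdict(suspicious=False)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = _ext(info.filename)
            if ext in EXECUTABLE_EXTS:
                verdict.executables.append(info.filename)
            elif ext in LAUNCHER_EXTS:
                verdict.launchers.append(info.filename)
            elif ext in SCRIPT_EXTS:
                verdict.scripts.append(info.filename)
                if looks_obfuscated(zf.read(info)):
                    verdict.reasons.append(
                        f"{info.filename}: very long line, possible obfuscation"
                    )
    # The advisory's distribution pattern: all three roles present in one archive.
    if verdict.executables and verdict.launchers and verdict.scripts:
        verdict.suspicious = True
        verdict.reasons.insert(0, "archive bundles executable + batch launcher + Lua script")
    return verdict


def build_archive(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: names and contents are made up for this example.
SUSPICIOUS_SAMPLE = build_archive({
    "Cheat/lua_runtime.exe": b"MZ" + b"\x00" * 64,            # stand-in for a Lua runtime
    "Cheat/launch.bat": b"@echo off\r\nrem constructed launcher\r\n",
    "Cheat/payload.lua": b"local a=" + b"\\x41" * 300 + b"\n",  # one 1200+ character line
})
BENIGN_SAMPLE = build_archive({
    "tool/tool.exe": b"MZ" + b"\x00" * 64,
    "tool/README.txt": b"A plain tool with no script bundle.\n",
})

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        v = inspect_archive(sample)
        print(label, "->", "FLAG" if v.suspicious else "ok", v.reasons)
```

The triad check is deliberately strict (all three roles must be present) to keep false positives low on archives that merely ship a batch helper next to an executable; the long-line check is reported as a reason but does not by itself raise the verdict, since legitimate minified or generated scripts also produce long lines.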