Malicious Fork Distributes Windows Malware Via GitHub

Security researchers report that attackers published a malicious fork of the Triton macOS client on GitHub, distributing a trojanized archive named Software_3.1.zip with SHA-256 39b29c38c03868854fb972e7b18f22c2c76520cfb6edf46ba5a5618f74943eac. The Windows-only payload is promoted via README links to an Xcode asset path and shows 12/66 VirusTotal detections; defenders should validate repository owners and monitor provided IOCs.
Key Points
- 1Delivers trojanized Software_3.1.zip via a forked Triton macOS repository on GitHub
- 2Uses README raw-asset links and backdated commits to impersonate legitimacy and entice downloads
- 3Monitor SHA-256, domains, and processes (7za.exe, Launcher.cmd, luajit.exe) as actionable IOCs
Scoring Rationale
Detailed, actionable IOCs and practical mitigations increase impact, but single-source reporting and limited attribution constrain confidence.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
