The Reveal Platform
Intel Name: Github abused to spread malware disguised as free vpn
Date of Scan: July 10, 2025
Impact: High
Summary: A recent malware campaign hosted on GitHub abuses popular lures like “Free VPN for PC” and “Minecraft Skin Changer” to trick users into executing a malicious dropper named Launch.exe. The campaign uses techniques such as process injection, DLL side-loading, and stealthy execution to deploy Lumma Stealer, an information-stealing malware. Technical analysis reveals both static and dynamic behaviors, along with obfuscation and anti-analysis methods.
