CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN

Update: 2025-07-14

Description

CYFIRMA Research's latest report explores a fake "Free VPN for PC" app hosted on GitHub, delivering a packed DLL payload using obfuscated Base64 hidden in junk strings. It uses P/Invoke to load a hidden DLL, executes GetGameData, and injects into legit processes like MSBuild.exe. Packed, evasive, and anti-debug.

Link to the Research Report: https://www.cyfirma.com/research/github-abused-to-spread-malware-disguised-as-free-vpn/

#MalwareAnalysis #CyberSecurity #DLLInjection #FakeVPN #ReverseEngineering #CYFIRMA #CYFIRMAresearch #ETLM #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

Comments

In Channel

CYFIRMA Research- APT36 Campaign Targets Indian Defense BOSS Linux system

2025-08-2903:41

CYFIRMA Research- Lazarus Stealer

2025-08-2904:17

CYFIRMA Research- Android Malware Posing as Indian Bank Apps

2025-08-2808:44

CYFIRMA Research- Raven Stealer

2025-08-1804:00

CYFIRMA Research: EdskManager RAT- Multi-Stage Malware with HVNC and Evasion Capabilities

2025-07-2505:15

CYFIRMA Research: CVE-2025-5777– Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2)

2025-07-2105:00

CYFIRMA Research- Octalyn Stealer Unmasked

2025-07-1804:58

CYFIRMA Research- Tracking Ransomware- June 2025

2025-07-1604:54

CYFIRMA Research- RENDERSHOCK- Weaponizing Trust in File Rendering Pipelines

2025-07-1505:58

CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN

2025-07-1405:19

CYFIRMA Research- Phishing Attack: Deploying Malware on Indian Defense BOSS Linux

2025-07-0803:20

CYFIRMA Research - 12-Day War update

2025-07-0207:40

CYFIRMA Research- Odyssey Stealer

2025-06-2605:26

CYFIRMA Research- APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware

2025-06-2406:36

CYFIRMA Research- Tracking Ransomware: May 2025

2025-06-1804:04

CYFIRMA Research: Understanding CyberEye RAT Builder- Capabilities and Implications

2025-06-1605:30

CYFIRMA Research: Ukraine's Attack on Russia's Strategic Air Force- Live Feed from Revolution in Military Affairs

2025-06-1308:35

CYFIRMA Research: DuplexSpy RAT- A Stealthy Windows Malware Enabling Full Remote Control and Surveillance

2025-06-1106:14

CYFIRMA Research: Firewalls and Frontlines- The India-Pakistan Cyber Battlefield Crisis

2025-06-0606:47

CYFIRMA Research- Versa Concerto: Understanding and Mitigating CVE-2025-34027

2025-06-0404:27

00:00

CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN

#box-pro-ellipsis-175674010044437{-webkit-line-clamp:2;}CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN

CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN

CYFIRMA

CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN