ADVERTISEMENT

10,000 malicious GitHub repos detected: AI agents compromising their owners

Developers on GitHub are finding their projects cloned by the thousands. Hackers slip trojans into fake repos and wait for a sleepy developer or a gullible AI agent to download one. So far, 10,000 repositories have been flagged, and GitHub is actively removing them.

github trojan

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Jun 19, 2026 Updated: 19 June 2026 4 min read
Key takeaways:
malicious repo
thousands malicious repos

What’s in the sack?

  • an executable, such as loader.exe, luajit.exe, or another_name.exe,
  • a Windows Command Script (.cmd) file,
  • A random deco text file (.txt or .cso),
  • a DLL library named lua51.dll.
ADVERTISEMENT
github_zip_contents
Image by Hexastrike

AI agents are the likely target

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.

GitHub is removing flagged repos, but the response is inconsistent

github removing repos

Who’s behind the attacks?


ADVERTISEMENT