ADVERTISEMENT

Hackers use GitHub to spread malware disguised as a free VPN

Attackers are weaponizing GitHub to deliver powerful infostealing malware under the guise of a free VPN.

information stealer
Paulina Okunytė
Paulina Okunytė Senior Journalist
Jul 13, 2025 Updated: 12 July 2025 2 min read
Has my data been leaked?
ADVERTISEMENT
vilius Ernestas Naprys Paulina Okunyte Gintaras Radauskas
Don’t miss our latest stories on Google News.
Add us as your Preferred Source on Google.

How to prevent future Lumma infostealer infections

  • Avoid clicking suspicious links: Most Lumma Stealer infections start with a phishing link. These can appear in emails, social media messages, or in ads. Always check whether the link you’re clicking comes from a reputable website.
  • Don’t download files from unknown sources: Lumma Stealer is often hidden in files like pirated games, TV shows, or ebooks. If you’re downloading files from such sources, proceed with extreme caution.
  • Use antivirus software: Antivirus software will ensure that you have real-time protection enabled, and, should you run into Lumma Stealer, it will protect you from accidentally installing it.
  • Do not paste commands into the command line or run window: Lumma Stealer websites often prompt you to run something in your run window or command line to “confirm your identity.” This isn’t needed. Do not paste commands from unknown websites into the command line, as these attacks can be hard to detect even for the best antivirus software.
  • Enable two-factor authentication (2FA): In case you become infected, 2FA will help you avoid losing access to important accounts, like your online banking, or email.
ADVERTISEMENT