Overview
A large-scale malware operation is abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-assisted lures ranging from OpenClaw deployment tools to game cheats, Roblox scripts, crypto bots, VPN crackers, and a Telegram-promoted phone tracker.
Centerpiece of the Campaign
The centerpiece of the campaign is a fake repository, AAAbiola/openclaw-docker, posing as a Docker deployment helper for the legitimate OpenClaw AI project. The repo looks credible: it reuses the real upstream OpenClaw source, ships functional Dockerfiles and install scripts, includes multiple listed contributors, and even has a matching GitHub Pages site and SEO-optimized tags such as ai-agents, docker, openclaw, LLM, and security.
Manufacturing Credibility
To further boost trust, the operator, using the TroyDen persona, seeded stars and forks from throwaway accounts to manufacture social proof before quietly inserting the malicious Diatrymiformes directory under an innocuous “Update README.md” commit.
Malware Distribution
The same 771 KB trojanized binary from this OpenClaw deployer resurfaces in other lures, including a “phone-number-location-tracking-tool” repo and a “fishing-planet-enhanced-menu” cheat, all of which rotate their active payload links in lockstep.
The Role of AI
Netskope Threat Labs identified a malware campaign operating across multiple GitHub repositories and spanning over 300 delivery packages, including the OpenClaw deployer. Across the broader cluster, lure names mix tool-like labels with obscure biology, Latin, and medical terms (for example, Diatrymiformes and Chelydridae), a pattern that strongly suggests AI-generated naming rather than manual curation at scale.
AI-Driven OpenClaw Trap
The core of TroyDen’s toolchain is a two-component LuaJIT loader designed explicitly to defeat automated analysis. Victims download a ZIP whose Launch.bat simply runs unc.exe with license.txt as an argument, where unc.exe is a stripped LuaJIT 2.1 interpreter and license.txt is an encrypted, Prometheus-obfuscated Lua payload.
Malware Execution and Detection
Netskope analysts bypassed the loader's anti-analysis delay by patching out the sleep, revealing that, in real environments, the malware completes its core activity in under thirty seconds. This design matches a growing family of Prometheus-obfuscated LuaJIT loaders documented since 2024.
Detecting the Attack Chain
Netskope Advanced Threat Protection ultimately detected the counterfeit OpenClaw deployer and related packages through behavioral heuristics rather than signatures, blocking them for customers before compromise and reporting the key repositories to GitHub on March 20, 2026.
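As an added example that is not part of the Netskope report or the campaign's tooling, the following Python sketches the kind of behavioral heuristic described in the last paragraph, applied to the Launch.bat running unc.exe with license.txt chain from the AI-Driven OpenClaw Trap section. The event fields, paths and sample telemetry are constructed assumptions, and the LuaJIT version-string check is one weak indicator rather than a signature.

```python
from __future__ import annotations
from dataclasses import dataclass
from pathlib import PureWindowsPath
# The standalone LuaJIT interpreter embeds its version string, which survives symbol
# stripping and renaming; LuaJIT is common in legitimate software, so this is one weak signal.
LUAJIT_MARKER = b"LuaJIT 2.1"

@dataclass
class ProcEvent:  # constructed minimal process-creation record (field names assumed)
    pid: int
    ppid: int
    image: str    # full path of the executable
    cmdline: str  # command line as logged

def looks_like_luajit(image_bytes: bytes) -> bool:
    return LUAJIT_MARKER in image_bytes

def reasons_for(ev: ProcEvent, by_pid: dict[int, ProcEvent], image_bytes: bytes = b"") -> list[str]:
    # Each check is a weak behavioural signal; the combination is what matters.
    reasons = []
    path = PureWindowsPath(ev.image)
    parent = by_pid.get(ev.ppid)
    args = ev.cmdline.split()[1:]
    if parent and parent.image.lower().endswith("cmd.exe") and ".bat" in parent.cmdline.lower():
        reasons.append("launched by a batch script")
    if path.suffix.lower() == ".exe" and len(args) == 1 and args[0].lower().endswith(".txt"):
        reasons.append("executable given a single .txt file as its argument")
    if any(p.lower() in ("downloads", "temp") for p in path.parts):
        reasons.append("runs from a user download or temp directory")
    if looks_like_luajit(image_bytes):
        reasons.append("image contains the LuaJIT 2.1 version string")
    return reasons

def suspicious_processes(events, images=None, min_reasons=2) -> dict[int, list[str]]:
    # Returns {pid: reasons} for events that accumulate at least min_reasons signals.
    by_pid = {e.pid: e for e in events}
    images, hits = images or {}, {}
    for e in events:
        r = reasons_for(e, by_pid, images.get(e.pid, b""))
        if len(r) >= min_reasons:
            hits[e.pid] = r
    return hits

# Constructed sample telemetry mirroring the chain described in the report.
SAMPLE_EVENTS = [
    ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "C:\Users\dev\Downloads\openclaw-docker\Launch.bat"'),
    ProcEvent(300, 200, r"C:\Users\dev\Downloads\openclaw-docker\unc.exe", "unc.exe license.txt"),
    ProcEvent(400, 100, r"C:\Program Files\Notepad++\notepad++.exe", "notepad++.exe notes.txt"),
]
SAMPLE_IMAGES = {300: b"MZ\x90\x00 ...constructed... LuaJIT 2.1 -- Copyright (C) Mike Pall"}
```

Only the unc.exe event accumulates enough signals to be flagged; the text editor opening a .txt file scores one reason and stays below the threshold.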
