The lure repository for OpenClaw container
A sophisticated and highly automated malware operation is currently flooding GitHub with hundreds of trojanized repositories. Dubbed “TroyDen’s Lure Factory” by researchers at Netskope Threat Labs, the campaign leverages AI-assisted generation to create convincing traps for a wide range of victims—from AI developers and crypto users to gamers and casual web surfers.
Over 300 delivery packages have been identified across multiple repositories, all built with the same malicious toolchain.
The attackers don’t just host malware; they manufacture social proof. A prime example is the openclaw-docker repository, which masquerades as a legitimate deployment tool for an AI project. It features a polished README, a companion website, and even functional code contributed by real, unsuspecting developers to build trust.
The campaign’s naming conventions suggest that AI is the mastermind behind the curtain. Lure directories use obscure biological taxonomy, archaic Latin, and medical terminology—such as Diatrymiformes or nephrosclerosis—systematically applied at scale. As the Netskope report highlights:
“A human naming things manually and at scale does not reach for kidney disease terminology to name a Valorant cheat subdirectory”.
The malware itself is a masterclass in sandbox evasion. It uses a two-component design consisting of a renamed LuaJIT runtime (often named unc.exe) and an encrypted Lua script stored as license.txt.
Individually, these files appear harmless to automated security scanners: the runtime is a legitimate interpreter and the script is opaque ciphertext. The malicious behavior emerges only when the runtime is launched with the script, triggering a series of advanced anti-analysis checks:
- System Profiling: The trojan checks for debuggers, low RAM, and system uptime to identify analysis environments.
- The “29,000 Year Sleep”: To defeat timed sandboxes, the malware issues a sleep call of roughly 29,000 years, so an analysis run that lasts a fixed number of minutes never sees the payload execute.
- Instant Exfiltration: Once it confirms it is on a real victim’s machine, it captures a full-desktop screenshot and sends it to a server in Frankfurt within 30 seconds.
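The two-component split means a scanner that judges each file on its own sees nothing. A static triage pass that looks for the pair instead of the parts is one defensive response. The following is an added example, not Netskope's tooling or anything from the campaign: it walks a checked-out repository and flags a directory that holds both a PE file carrying LuaJIT's own version string under an unrelated name and a `license.txt` whose byte entropy is far too high for text. The file layout, entropy threshold and sample files are constructed for the demo.

```python
"""Static triage heuristic for a renamed LuaJIT runtime paired with an encrypted
'license.txt'. Added example; thresholds and sample files are assumptions."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.0  # assumption: encrypted or compressed data sits near 8.0 bits/byte
MIN_BLOB_SIZE = 512      # tiny files give noisy entropy estimates, so they are ignored


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_pe(data: bytes) -> bool:
    """True if the file starts with the DOS/PE magic, whatever its extension says."""
    return data[:2] == b"MZ"


def looks_like_luajit(data: bytes) -> bool:
    """The LuaJIT runtime embeds its own name in version strings; renaming the file keeps them."""
    return b"LuaJIT" in data


def triage_directory(root: Path) -> list[dict]:
    """Report directories holding the runtime/script pair (high confidence) or either part alone (low)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        d = Path(dirpath)
        renamed_runtime, encrypted_blob = [], []
        for name in files:
            data = (d / name).read_bytes()
            if is_pe(data) and looks_like_luajit(data) and "luajit" not in name.lower():
                renamed_runtime.append(name)
            if (name.lower() == "license.txt" and len(data) >= MIN_BLOB_SIZE
                    and shannon_entropy(data) >= ENTROPY_THRESHOLD):
                encrypted_blob.append(name)
        if renamed_runtime and encrypted_blob:
            findings.append({"dir": str(d), "confidence": "high",
                             "runtime": renamed_runtime, "script": encrypted_blob})
        elif renamed_runtime or encrypted_blob:
            findings.append({"dir": str(d), "confidence": "low",
                             "runtime": renamed_runtime, "script": encrypted_blob})
    return findings


def build_sample_repo() -> Path:
    """Constructed stand-in for a lure repository; these are not real campaign files."""
    root = Path(tempfile.mkdtemp(prefix="lure_demo_"))
    # Fake PE: DOS magic plus the kind of version string a renamed LuaJIT binary retains.
    (root / "unc.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"LuaJIT 2.1.0-beta3\x00" + b"\x00" * 200)
    # Fake ciphertext: every byte value appears equally often, so entropy is exactly 8.0.
    (root / "license.txt").write_bytes(bytes((i * 131 + 7) % 256 for i in range(4096)))
    # A genuine license in a sibling directory must not trigger the heuristic.
    docs = root / "docs"
    docs.mkdir()
    (docs / "license.txt").write_text(
        "MIT License\n\nPermission is hereby granted, free of charge, to any person\n" * 20)
    return root


if __name__ == "__main__":
    for finding in triage_directory(build_sample_repo()):
        print(finding)
```

The pairing is what carries the signal: a LuaJIT binary under an odd name is unusual but not malicious, and a high-entropy `license.txt` could be a packaging accident, but the two side by side in one directory match the loader this article describes. The entropy threshold is a tuning knob; real English text lands around 4 to 5 bits per byte, so 7.0 leaves a wide margin.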
The backend infrastructure is as scalable as the lures. Netskope identified eight separate front-end nodes in Frankfurt, all load-balanced behind a single C2 panel. Researchers suspect that the attackers may even be using AI models to interpret the massive influx of incoming victim screenshots, a task that cannot be handled with deterministic rules.
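The timing the article reports, a full-desktop screenshot leaving the host within 30 seconds of execution, is itself a detection opportunity on the endpoint. The correlation below is an added example, not Netskope's detection content: it reads a constructed, Sysmon-like stream of JSON `process` and `network` events (the format is an assumption for the demo), remembers processes launched from user-writable paths that are handed a `.txt` file as an argument, and alerts when the same process pushes a large upload to an external address within the window. The IP addresses are from the RFC 5737 documentation range, not the campaign's infrastructure.

```python
"""Endpoint correlation for 'executable from a user path is handed a .txt file, then uploads
a large blob externally within 30 s'. Added example; the event format and sizes are assumptions."""
import ipaddress
import json

WINDOW_SECONDS = 30.0       # the article's figure: screenshot sent within 30 seconds
MIN_UPLOAD_BYTES = 100_000  # assumption: a full-desktop screenshot dwarfs beacon traffic
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Only RFC 1918 and loopback count as internal; anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed telemetry: one matching chain, one benign tool, one chain outside the window.
SAMPLE_EVENTS = r"""
{"ts": 1000.0, "type": "process", "pid": 4120, "image": "C:\\Users\\dev\\openclaw-docker\\unc.exe", "cmdline": "unc.exe license.txt"}
{"ts": 1003.5, "type": "network", "pid": 4120, "dst": "203.0.113.17", "port": 443, "bytes_out": 418000}
{"ts": 1100.0, "type": "process", "pid": 5000, "image": "C:\\Program Files\\Git\\bin\\git.exe", "cmdline": "git fetch origin"}
{"ts": 1101.0, "type": "network", "pid": 5000, "dst": "203.0.113.80", "port": 443, "bytes_out": 2100}
{"ts": 2000.0, "type": "process", "pid": 6000, "image": "C:\\Users\\dev\\Downloads\\tool\\unc.exe", "cmdline": "unc.exe license.txt"}
{"ts": 2045.0, "type": "network", "pid": 6000, "dst": "203.0.113.17", "port": 443, "bytes_out": 418000}
"""


def user_writable(image: str) -> bool:
    """True for images launched from locations an unprivileged user can write to."""
    return image.lower().startswith(USER_WRITABLE_PREFIXES)


def passes_nonscript_arg(cmdline: str) -> bool:
    """True if a .txt file is passed as an argument: an interpreter being fed a 'text' file."""
    return any(tok.lower().endswith(".txt") for tok in cmdline.split()[1:])


def is_external(ip: str) -> bool:
    """True unless the address falls in a private or loopback range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(lines) -> list[dict]:
    """Join network events back to qualifying process starts and apply the timing rule."""
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    starts = {}   # pid -> process start event that met the launch criteria
    alerts = []
    for e in events:
        if e["type"] == "process":
            if user_writable(e["image"]) and passes_nonscript_arg(e["cmdline"]):
                starts[e["pid"]] = e
        elif e["type"] == "network":
            start = starts.get(e["pid"])
            if start is None:
                continue
            delta = e["ts"] - start["ts"]
            if (delta <= WINDOW_SECONDS and is_external(e["dst"])
                    and e["bytes_out"] >= MIN_UPLOAD_BYTES):
                alerts.append({"pid": e["pid"], "image": start["image"], "dst": e["dst"],
                               "seconds_after_start": delta, "bytes_out": e["bytes_out"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

Only pid 4120 fires: git.exe runs from Program Files and uploads a few kilobytes, and pid 6000 matches the launch pattern but does not talk out until 45 seconds later. That third case shows the trade-off in the window: it is tuned to the behaviour reported here, and a variant that waits longer slips past it, so the launch pattern alone is worth a lower-severity signal in its own right.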
While the campaign targets a variety of audiences—including Roblox players, VPN seekers, and Fishing Planet gamers—the ultimate goal is consistent: credential theft. The malware loads the Windows Data Protection API (DPAPI) to decrypt stored credentials, likely delivering final-stage payloads like Redline or LummaStealer.
With AI coding agents making it easier than ever to mass-produce malware, the threat to the GitHub ecosystem is growing. Netskope Threat Labs recommends that users exercise extreme caution when downloading tools or scripts, even those with stars and professional READMEs.