Modern threat actors have moved beyond manual coding to highly automated "factories" that clone legitimate projects and inject them with malicious payloads. These campaigns can flood the platform with millions of malicious repositories, often using AI-generated content to appear legitimate.
Security researchers have identified several sophisticated methods used by these "factories" to evade detection:
Using botnets to add stars and forks to malicious repositories, making them appear trustworthy to unsuspecting users.
Distributing trojans disguised as AI developer tools, game cheats, and crypto-related software. Specialized Trojan Generators and Tools
A simulation system that allows red teams to quickly build "light agent" malware and dynamic attack functions for security exercises.
Several GitHub projects act as "factories" for specific types of trojans, often for educational or red-teaming (security simulation) purposes: