Warning: “Free VPN for PC” on GitHub is a Trap for Lumma Stealer Spyware
Cybercriminals have begun leveraging GitHub to disseminate dangerous spyware disguised as a free VPN service. The malicious campaign, uncovered by researchers at Cyfirma, masqueraded as a program called “Free VPN for PC.” Instead of providing secure internet access as promised, the software surreptitiously installed one of the most notorious info-stealers—Lumma Stealer—on victims’ computers.
This is far from an isolated incident. Investigators also identified another malware-laden file, this time under the guise of “Minecraft Skin.” Judging by the filenames, attackers appear to be targeting a broad spectrum of users—from privacy-conscious adults to young gamers.
The presence of such malware on GitHub underscores a troubling trend: cybercriminals are increasingly exploiting reputable, open-source platforms to spread their malicious payloads unnoticed. The trusted reputation of GitHub, coupled with its user-generated content model, allows these threats to remain hidden in plain sight for extended periods.
Lumma Stealer has been actively marketed as a service since 2022, sold via Telegram and dark web forums on a subscription basis ranging from $140 to $160 per month. Written in C, the malware is designed to exfiltrate sensitive data, from login credentials to cryptocurrency wallet keys. Infection vectors vary and include YouTube videos promoting cracked software and fake CAPTCHA windows that coax users into entering commands into the console under the pretense of identity verification.
Earlier this year, the U.S. Department of Justice, in collaboration with Microsoft, launched a large-scale operation to dismantle Lumma Stealer’s infrastructure. More than 2,300 malicious domains were taken down in the process. Yet, isolated campaigns appear to persist.
Experts emphasize that cybersecurity begins with user vigilance. Avoid downloading files from unverified sources, clicking on unsolicited links, or executing commands from dubious websites. Basic measures—such as antivirus software and two-factor authentication—remain critical, especially when malware lurks in places users least expect.