Malware And CampaignsCampaign

REF1695 fake installer campaign uses GitHub to host payloads

April 3, 2026The Hacker News

The Hacker News describes REF1695 distributing RATs, crypto miners, and CNB Bot via fake installers and ISO files, including tactics to bypass Windows protections and using GitHub as hosting for payload delivery.

Open in PulseSee the full expert discussion →

QUOTES

A cybercrime campaign since 2023 spreads malware via fake installers.

REF1695 delivers RATs, crypto miners, and CNB Bot via ISO files, tricks users to bypass Windows protections, and uses GitHub to host payloads.

VOICES

The Hacker News

RELATED TERMS

malwaregithubgithubmalware

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security