Pulse name: Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response
TLP: WHITE | Adversary: Stargazer Goblin | Author: AlienVault | Created: 2025-01-31 | Modified: 2025-03-02
36 IOCs (medium volume)
Trend Micro's Managed XDR team investigated a campaign distributing Lumma Stealer through GitHub. The attackers abused GitHub's release infrastructure (no GitHub vulnerability was involved) to host payloads for several malware families, including SectopRAT, Vidar, and Cobeacon. Compromised websites redirected victims to the GitHub-hosted malicious release assets. Once running, the malware exfiltrated sensitive data, connected to C&C servers, and employed evasion techniques. The tactics overlap with those of the Stargazer Goblin group, which is known for using compromised websites and GitHub for payload distribution. The attack chain had multiple stages: initial access via the GitHub-hosted download, execution of the stealer, and deployment of additional tools afterwards. The campaign shows how Lumma Stealer's distribution methods keep evolving and why proactive controls, such as monitoring downloads of release assets reached from third-party sites, matter.
Indicators of Compromise (1 of 36 shown; indicator types in the pulse: URL, FileHash-MD5, FileHash-SHA256, domain)

TYPE             INDICATOR                                                          DESCRIPTION  CREATED
FileHash-SHA256  80e7a9318067557b21a24d1906ab3f05a5f250eb63dde4dd8a3335908953a46a  -            2025-01-31
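Two hunting checks that follow from the delivery chain described above: matching files on disk against the pulse's SHA-256 indicator, and flagging proxy log entries where a GitHub release asset was fetched with a Referer on a non-GitHub site, which is the pattern a compromised website redirecting to a GitHub-hosted payload leaves behind. This is an added example written for this page, not Trend Micro's or AlienVault's code. The proxy log format, the example.org and example-owner/example-repo URLs, and the client addresses are all constructed placeholders, and the referer heuristic is an assumption that will miss direct downloads with no Referer header.

```python
"""Hunting helpers for the GitHub-release delivery chain in this pulse (added example)."""
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# The one SHA-256 indicator visible on this page (the pulse lists 1 of 36 IOCs).
PULSE_SHA256 = {
    "80e7a9318067557b21a24d1906ab3f05a5f250eb63dde4dd8a3335908953a46a",
}

# GitHub release asset URLs look like:
#   https://github.com/<owner>/<repo>/releases/download/<tag>/<asset>
GITHUB_RELEASE_RE = re.compile(
    r"^https?://github\.com/[^/\s]+/[^/\s]+/releases/download/", re.IGNORECASE
)


def sha256_of_file(path):
    """Stream a file through SHA-256 so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_directory(root, iocs=PULSE_SHA256):
    """Return [(path, sha256)] for every regular file under root whose hash is in iocs."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            h = sha256_of_file(path)
            if h in iocs:
                hits.append((str(path), h))
    return hits


def demo_scan():
    """Scan a scratch directory with a verifiable test IOC.

    The IOC used here is the SHA-256 of an empty file (a well-known constant);
    no sample matching the pulse hash is, or should be, embedded in this example.
    """
    empty_sha = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "empty.bin").write_bytes(b"")
        Path(tmp, "other.bin").write_bytes(b"constructed sample, not malware")
        hits = scan_directory(tmp, {empty_sha} | PULSE_SHA256)
    return [(Path(p).name, h) for p, h in hits]


def parse_proxy_line(line):
    """Parse one line of the constructed format: ts src method url status referer ('-' = none)."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, method, url, status, referer = parts
    return {"ts": ts, "src": src, "method": method, "url": url,
            "status": status, "referer": None if referer == "-" else referer}


def flag_release_downloads(log_lines):
    """Return events where a GitHub release asset was fetched with a non-GitHub Referer."""
    flagged = []
    for line in log_lines:
        ev = parse_proxy_line(line)
        if not ev or not GITHUB_RELEASE_RE.match(ev["url"]):
            continue
        ref_host = urlparse(ev["referer"]).hostname if ev["referer"] else None
        # A Referer on github.com means the user came from the repo's own pages;
        # anything else means a third-party site led them to the asset.
        if ref_host and not (ref_host == "github.com" or ref_host.endswith(".github.com")):
            flagged.append(ev)
    return flagged


# Constructed proxy log lines (not from the pulse or the investigation).
SAMPLE_PROXY_LOG = [
    # A compromised third-party page answers with a redirect to the payload.
    "2025-01-31T10:12:03Z 10.0.0.15 GET https://www.example.org/download/setup 302 -",
    # The client follows it; the Referer is still the compromised site -> flagged.
    "2025-01-31T10:12:04Z 10.0.0.15 GET https://github.com/example-owner/example-repo/releases/download/v1.0/Setup.zip 200 https://www.example.org/download/setup",
    # Benign: a developer clicks an asset from the repo's own Releases page.
    "2025-01-31T10:20:00Z 10.0.0.22 GET https://github.com/example-owner/example-repo/releases/download/v1.0/Setup.zip 200 https://github.com/example-owner/example-repo/releases",
    # Direct fetch with no Referer (curl or a script): not caught by this heuristic.
    "2025-01-31T10:25:41Z 10.0.0.30 GET https://github.com/example-owner/example-repo/releases/download/v1.0/Setup.zip 200 -",
]

if __name__ == "__main__":
    for ev in flag_release_downloads(SAMPLE_PROXY_LOG):
        print(f"{ev['ts']} {ev['src']} fetched {ev['url']} via {ev['referer']}")
    for name, h in demo_scan():
        print(f"IOC match: {name} {h}")
```

The referer check is deliberately narrow: it surfaces the compromised-site-to-GitHub hop without flagging every release download in the environment, but a direct fetch with no Referer (the last sample line) slips through, so pair it with the hash scan and with the pulse's URL and domain indicators rather than relying on it alone.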