← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - FakeGit: LuaJIT malware distributed via GitHub at scale
A Vietnamese-speaking operator has been distributing LuaJIT-based malware through GitHub since March 2025. The repos impersonate cracked browser extensions for SaaS tools, gaming cheats, developer utilities, and adult content. Each contains a ZIP archive with a LuaJIT loader chain. BitDefender tracks the archives as Gen:Heur.FakeGit.1 (as of March 2026). ESET tracks the Lua payloads as Lua/Agent.Z through Lua/Agent.BT (as of March 2026) -- 16 distinct obfuscator generations across the campaign.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Lua
Indicators of Compromise (18 / 75 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 00f60ee3ff2dee681b5d7d442009b2c2 | MD5 of 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953 | 2026-03-10 | |
| FileHash-MD5 | 1fed6eb66a2351f5032a467ad1ff27c5 | MD5 of 2c5d4e26385d968570ffe8c602e431bd7fc88c3f637d0b1736ee7326c754b9ab | 2026-03-10 | |
| FileHash-MD5 | 4ebd617a3ad9a9619172bd14a902a400 | MD5 of c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac | 2026-03-10 | |
| FileHash-MD5 | 6642d0d5c321637c1fe4d714fa585453 | MD5 of 1f546f1b4b2cd404fdd2ba9b52223ecf935ad26588993f703bef69db4c94034e | 2026-03-10 | |
| FileHash-MD5 | 690d7c8018b8dc14efc22f52f3c3d0ae | MD5 of 365d1b01cd5e605f6e7d39b192aaf56040176f2bce6eaec0fc11584850793a83 | 2026-03-10 | |
| FileHash-MD5 | 7b69212e0f9e632a75659140e1fafb18 | MD5 of 89730887d1ac7aab9e37d590081a5c9c56fa3f79b24960bff3f9cdabb0486424 | 2026-03-10 | |
| FileHash-MD5 | 85d426d8cedc9261000de61b8692e05d | MD5 of ac5885b78810a7bf987ff6674f6717059e227df9c969b9fb46d00b2c0de1ba74 | 2026-03-10 | |
| FileHash-MD5 | 8a66481ffaf76100e8a1971b27ebee82 | MD5 of 61f5e68f1dc91eee925af875bf511de0de1483a8e663567c22ca4bc568808341 | 2026-03-10 | |
| FileHash-MD5 | a5edd208f0f92184a06b9dfb8eb5acee | MD5 of 2ea6200c846af534a07338a803acf7f49520abf59b2ae82a701a24e7fada0b97 | 2026-03-10 | |
| FileHash-MD5 | b1535d38c1501d670ee19bfacdf12fd3 | MD5 of 88ec32a311b56441cfe6126b7780f073f36dfb8808de0dab9219d1a0be9c01ac | 2026-03-10 | |
| FileHash-MD5 | b67e7e170c4e0163917772849582cb5d | MD5 of a3e6236fa517f863ea551e17fcedcfc22df23e044dcd4863e6ddf3ef00966596 | 2026-03-10 | |
| FileHash-MD5 | b9c3f7efd325c8df5530424182106713 | MD5 of dce5fc61e153377bb42b53b7dfca841399dd5c94d5fdf2631617a6df8c7cded1 | 2026-03-10 | |
| FileHash-MD5 | bed57662419fa3856cac1e633a60facc | MD5 of b0ca436fef7c39e0f6ebd93989d38b9a58eb4d1cf83ab45d7b07d70794a59e6d | 2026-03-10 | |
| FileHash-MD5 | bff3a81de5ffacbeddd5de793cede666 | MD5 of f3e34c9e36f3be065d80d456281d31dd1cc85eb4980db7fa8c1b0eb6f29c25d8 | 2026-03-10 | |
| FileHash-MD5 | c73ba3c796aa5bbd96674feb2bc030e2 | MD5 of acdd9ac3d55c4b1e12a239331145665d9eddf84a7a34fccac164f8afd006f875 | 2026-03-10 | |
| FileHash-MD5 | ca63d5423c1be2eda0f7f5624b1b0f92 | MD5 of 4508b938d16e16585d4065d10ba5890f380a9d7e82d1ae0246bae41937d17add | 2026-03-10 | |
| FileHash-MD5 | ce7f9311e63d298cbc1b948fe8da54d8 | MD5 of ebb0c76a03b8bb0ba246b8b31143f4462b4c3b0b3b5d581c499b4c3a484fd792 | 2026-03-10 | |
| FileHash-MD5 | e3dc99990b09c552d005fe8de3b547d9 | MD5 of ef224f48255771d28b15169d60c8b0a925875dba15b3bd245c0b34d77290120d | 2026-03-10 |