Fake Open‑Source Sites Use TDS to Distribute Remus, SessionGate and Clippers

Colleagues, please note: a cyber‑security campaign has been uncovered in which fake open‑source sites use Traffic Distribution Systems (TDS) to redirect users to malicious downloads.
- They mimic projects and retain GitHub links, but intercept the "Download" click, routing it through an anti‑bot TDS.
- They deliver Remus Stealer, AnimateClipper and a SessionGate loader; repeated attempts sometimes serve legitimate installers.
- They exploit SEO to rank high in searches; activity observed since September 2025, scaling from January 2026.
Why this matters: visual inspection is unreliable — verify download sources, filter domains and strengthen EDR protections.
How do you verify the legitimacy of downloads?
#cybersecurity #infosec #opensource #malware


Latest comments
No comments yet.