TLDR
Attackers are uploading fake installers and plugins for popular software such as ChatGPT, Claude, AutoTune, Kontakt and Ableton Live to GitHub and SourceForge. Compromised YouTube channels (with AI generated videos already passing 50,000...
How it works
Attackers are uploading fake installers and plugins for popular software such as ChatGPT, Claude, AutoTune, Kontakt and Ableton Live to GitHub and SourceForge. Compromised YouTube channels (with AI generated videos already passing 50,000...
Red flags
- The installer or "plugin" asks you to open a terminal and manually copy paste a command from the README. The GitHub or SourceForge account is brand new, has no history, or reposts many unrelated "cracked" or "free" tools. The YouTube video promoting the link is AI generated, comes from a small or unrelated channel, or mixes random software tutorials
What to do
- 1Download software only from the official vendor site or verified storefronts
- 2avoid GitHub/Sour
Source
malwarebytes
Source reviewed by Mythos Forensic Team
https://www.malwarebytes.com/blog/threat-intel/2026/05/fake-software-on-github-and-sourceforge-distribute-deno-ratFAQ
Is Fake ChatGPT, Claude and gaming software on GitHub and SourceForge install a stealthy RAT a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
The installer or "plugin" asks you to open a terminal and manually copy paste a command from the README. The GitHub or SourceForge account is brand new, has no history, or reposts many unrelated "cracked" or "free" tools. The YouTube video promoting the link is AI generated, comes from a small or unrelated channel, or mixes random software tutorials
What should I do first?
Download software only from the official vendor site or verified storefronts; avoid GitHub/Sour
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.