Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.

June 22, 2026

Cybercriminals have created an elaborate, global reputation network — comprised of GitHub repositories, SourceForge projects, bogus YouTube videos, and other online assets — in a wide-scale cryptocurrency heist that targets both Windows and macOS platforms.

While the campaign does not specifically target enterprises, it demonstrates an evolution in how threat actors no longer need to rely on traditional channels of malware distribution and instead can go right to the source using advanced social engineering, according to researchers.

Check Point Software uncovered the campaign, which spreads a RUST-based clipboard hijacking malware targeting "users who are looking for shortcuts and quick profits — particularly crypto owners and online crash‑game gamblers and traders who are attracted by promises of automated gains and 'predictable' outcomes," according to a post published last week.