Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting


Security researchers at Arctic Wolf have uncovered a novel malware campaign targeting users in Western Europe, delivered through Google Ads and employing sophisticated evasion techniques.

Dubbed GPUGate, the campaign uses malicious GitHub Desktop installers to distribute its payload masquerading as legitimate software. Attackers are using trusted platforms to bypass traditional detection methods and lure users into downloading the malware.

“On 19 August 2025, a threat actor leveraged GitHub’s repository structure together with paid placements on Google Ads to funnel users toward a malicious download hosted on a lookalike domain,” Arctic Wolf researchers said in a blog post. “By embedding a commit‑specific link in the advertisement, the attackers made the download appear to originate from an official source, effectively sidestepping typical user scrutiny.”

GPUGate’s operators were also seen incorporating advanced evasion techniques, most notably a GPU-based decryption process that ensures the malware only activates on systems with specific graphics hardware.

Malicious Ads Masquerading as GitHub Desktop

Arctic Wolf’s Cybersecurity Operations Center (cSOC) spotted the malware being distributed via Google Ads that directed users to compromised GitHub repositories. These ads were carefully crafted to look legitimate, using commit-specific links that mimicked a genuine GitHub workflow. Once users clicked, they were redirected to fake domains hosting a malicious GitHub Desktop installer.

The ads were designed to promote a “GitHub Desktop” installer or related GitHub tools, making them appear to be legitimate software downloads. This approach allowed the attackers to exploit the credibility of both GitHub and Google Ads, bypassing basic scrutiny and increasing the likelihood of a download.

Researchers warned that the campaign aimed to infiltrate organizations by tricking IT personnel, who typically have elevated network privileges, into downloading malware under the guise of installing GitHub Desktop, potentially enabling credential theft, information exfiltration, and even ransomware deployment.

“Once the malicious payload is executed by the user, it gains administrative rights, enabling further lateral movement and persistence,” the researchers said.

GPU-Gated Decryption Evades Detection

The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant in virtual machines, automated analysis environments, or less powerful machines, making it extremely difficult for security researchers to analyze.

Once activated, the malware launches PowerShell with parameters designed to bypass Windows execution policies while hiding its windows from user view. Additionally, persistence is achieved through a scheduled task running with the highest administrative privileges, allowing it to survive reboots and operate across user sessions.
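As an added defensive example that is not part of the Arctic Wolf report or this article, the following Python script scans constructed Windows Security event records for the two behaviours described above: PowerShell launched with execution-policy bypass and a hidden window, and a scheduled task registered to run at the highest available privilege level. It assumes the real Windows event IDs 4688 (process creation) and 4698 (scheduled task created) with the task's XML definition attached; the records themselves are constructed.

```python
import re
# Constructed sample records (not from the Arctic Wolf report); fields loosely follow
# Windows Security events 4688 (process creation) and 4698 (scheduled task created).
SAMPLE_EVENTS = [
    {"event_id": 4688, "command_line": "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File C:\\Users\\Public\\stage.ps1"},
    {"event_id": 4688, "command_line": "powershell.exe -NoProfile -Command Get-Process"},
    {"event_id": 4698, "task_content":
     "<Task><Principals><Principal><RunLevel>HighestAvailable</RunLevel></Principal></Principals>"
     "<Actions><Exec><Command>powershell.exe</Command><Arguments>-w hidden -ep bypass</Arguments></Exec></Actions></Task>"},
    {"event_id": 4698, "task_content":
     "<Task><Principals><Principal><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>"
     "<Actions><Exec><Command>C:\\Program Files\\Vendor\\updater.exe</Command></Exec></Actions></Task>"},
]

# PowerShell accepts abbreviated switches (hence the short forms); Task Scheduler serialises "run with highest privileges" as RunLevel HighestAvailable.
BYPASS_RE = re.compile(r"-(?:executionpolicy|ep|ex|exec)\s+bypass", re.I)
HIDDEN_RE = re.compile(r"-(?:windowstyle|w|win)\s+hidden", re.I)
HIGHEST_RE = re.compile(r"<RunLevel>\s*HighestAvailable\s*</RunLevel>", re.I)
ACTION_RE = re.compile(r"<Command>([^<]*)</Command>", re.I)
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd", "mshta", "wscript", "cscript")

def powershell_reasons(text):
    """Suspicious PowerShell switches found in a command line or task arguments."""
    reasons = []
    if BYPASS_RE.search(text):
        reasons.append("execution-policy bypass")
    if HIDDEN_RE.search(text):
        reasons.append("hidden window")
    return reasons

def task_reasons(task_xml):
    """Why a newly registered scheduled task deserves a look."""
    reasons = []
    if HIGHEST_RE.search(task_xml):
        reasons.append("runs with highest available privileges")
    m = ACTION_RE.search(task_xml)
    if m and m.group(1).strip().lower().rsplit("\\", 1)[-1].startswith(SCRIPT_HOSTS):
        reasons.append("action launches a script host")
    return reasons + powershell_reasons(task_xml)

def scan(events):
    """Map event index -> reasons for every event that trips at least one rule."""
    checks = {4688: ("command_line", powershell_reasons), 4698: ("task_content", task_reasons)}
    findings = {}
    for i, ev in enumerate(events):
        field, check = checks.get(ev["event_id"], (None, None))
        reasons = check(ev.get(field, "")) if check else []
        if reasons:
            findings[i] = reasons
    return findings
```

These checks are noisy on their own, since administrators legitimately use both features, so they belong in a correlation rule alongside the installer's provenance rather than as a standalone alert.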

The campaign also targets macOS devices, distributing AMOS Stealer (also known as Atomic Stealer) via a tailored installer that matches either x64 or ARM processors. This info-stealer, sold as malware-as-a-service on underground forums, can exfiltrate a wide range of sensitive data, including keychain passwords, VPN profiles, browser credentials, instant messaging data, documents, and cryptocurrency wallets.

Researchers noted that the inclusion of cross-platform attacks demonstrates the operator’s aim for comprehensive, persistent access across diverse enterprise environments. “The malvertising and geofencing used are customized to specifically target EU countries,” they added. “The industries we observed directly targeted included workers in the Information Technologies sector.” For protection, Arctic Wolf recommends combining runtime inspection with sandboxing as well as boosting user awareness, as GPUGate’s advanced evasion and convincing mimicry make static defenses insufficient.
