A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found.

According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling “predictors” that claimed to identify winning opportunities before other traders or forecast the outcome of online betting games.

Instead of quick profits, the tools delivered Rust-based clipboard hijackers, or clippers, built for Windows and macOS that monitor the clipboard for cryptocurrency wallet addresses and…