Fake Sites Impersonate Open‑Source Tools to Deliver Malware
🛡️ Check Point researchers uncovered an operation that clones open-source and freeware project pages to funnel users through a Traffic Distribution System (TDS) that can deliver malware like Remus Stealer, AnimateClipper, and the SessionGate framework. The deceptive sites preserve real links and use CloudFront-hosted JavaScript to convert clicks into a gated redirection chain enforcing anti-bot and VPN checks. The campaign has been active since late 2025 and escalated to malware distribution in January 2026.
