Shungo Kumasaka

I am a Senior Security Engineer at GMO Cybersecurity by IERAE, Inc. in Japan.
I focus on developing our SIEM and providing security training.


Session

04-16, 11:45, 45 min
GPUGate: Repo Squatting and OpenCL Anti-Analysis to Deliver HijackLoader
Theo Webb, Shungo Kumasaka

In early September 2025, we observed a new malware campaign in which attackers hijacked the official GitHub Desktop repository to distribute a multi-stage loader disguised as the GitHub Desktop installer. This loader, dubbed GPUGate, ultimately delivers HijackLoader and cleverly uses OpenCL, a GPU-computing API, both to evade sandbox and VM-based analysis and to hide the decryption key from analysts. In our case, this forced us onto a physical machine with a GPU, where I could debug the loader, understand its functionality, and recover the correct decryption key.

In this talk, I will provide a detailed explanation of how OpenCL works, and how it can be abused to evade sandbox analysis and hinder static decryption, using techniques observed in this campaign. You will learn how to spot and work around these techniques and gain a deeper understanding of OpenCL-based malware.

I will also discuss our research into the initial delivery technique (which I dubbed repo squatting). This is enabled by GitHub’s fork-network commit visibility, which allows attackers to “squat” under an official repository’s namespace via commit hashes. I will show how similar platforms are affected, and share the new methods the attackers are using to expand their victim count in 2026.

Sprint CFP
Amphitheater