PreCog Caught a Malware Staging Repo on GitHub While We Slept
- Patrick Duggan
- Mar 28
- 3 min read
Updated: Apr 25
March 28, 2026 — DugganUSA
This morning at 8:17 AM, I checked PreCog over coffee. It had been red for three days: infrastructure activation surge, IOC velocity spike, the usual war footing signals. But overnight, a new signal lit up.
Supply Chain Staging: 0.6.
That signal watches for malicious content being staged on trusted platforms — GitHub, npm, PyPI — the places your security tools don't block because they're "trusted." We call it Pattern #38.
PreCog found a GitHub repository: babka98/horinis.
What It Found
A GitHub account created March 5, 2026. Zero followers. Zero following. One repository. Description: "horinis stable versions." 84 megabytes of MSI installers.
Five files:
split.msi
Toshi2.msi
Sinobu.msi
monkey.msi
gatsby.msi
All five flagged by SSL Blacklist (abuse.ch) as malware. The repository was updated yesterday — March 27 — meaning someone is actively maintaining it.
The technique: host malware on GitHub, distribute links that point to github.com, bypass every URL reputation filter that trusts GitHub's domain. Your email gateway won't block it. Your web proxy won't flag it. Your users click a github.com link and download a malicious MSI installer.
Why This Matters
Nobody asked PreCog to look for this. There was no alert. No customer reported it. No vendor blogged about it. The supply chain staging signal ingests indicators from automated feeds — in this case, SSL Blacklist — and when it sees trusted-domain hosting of flagged content, it elevates.
I woke up, checked the dashboard, and the system had already found a live malware distribution point, identified the account as suspicious (23 days old, zero community engagement, single-purpose repo), and queued the indicators for review.
The repo is still live as of this writing. We reported it to GitHub.
The AI Framework Week
This is the third supply chain finding this week:
Monday through Friday, three major AI frameworks disclosed critical vulnerabilities — LangChain (path traversal, SQL injection, serialization injection), LangGraph (SQLite checkpoint manipulation), and Langflow (CISA active exploitation warning, CVE-2026-33017). Every organization building AI applications on these frameworks is running vulnerable code.
Now a GitHub repo staging MSI malware. The supply chain is under sustained pressure from multiple directions simultaneously.
The Numbers
PreCog has been red for 72 hours. Three days of elevated threat signals:
Day 1 (Thursday): Infrastructure activation surge + IOC velocity spike (Spamhaus 7x)
Day 2 (Friday): Same signals + Kash Patel breach confirmed + EU Commission breached
Day 3 (Saturday): Supply chain staging signal joins the party
This is what a sustained threat environment looks like in telemetry. Not one big event — a continuous elevation across multiple independent signals. The system that called a Christmas Eve DDoS three hours early is now watching a three-day campaign unfold in real time.
What Defenders Should Do
Block the repo: github.com/babka98/horinis — if your users can download MSI files from GitHub, they can download these.
Check your AI frameworks: LangChain, LangGraph, Langflow — all disclosed critical vulnerabilities this week. Patch versions are available.
Monitor for MSI downloads from GitHub: Any MSI downloaded from a github.com raw URL should be suspicious. Legitimate software distribution from GitHub uses release assets, not blob/main links.
STIX feed: All indicators indexed. Free at analytics.dugganusa.com/stix.
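One way to act on the monitoring advice above, as an added example that is not PreCog's code or any DugganUSA tooling: a small proxy-log scanner that singles out installer downloads served from GitHub blob/raw paths rather than release assets, and hard-blocks anything under a feed-flagged repo. The log format (timestamp, client, method, URL, status, bytes) and every sample line are constructed for the example; the only real identifier is the repo named in the post, standing in for a blocklist that would normally be loaded from a STIX feed.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Repos already flagged by a threat feed. The single entry is the one named in
# the post; in practice this set is populated from the feed, not hard-coded.
BLOCKED_REPOS = {"babka98/horinis"}

GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com"}
INSTALLER_EXTS = (".msi", ".exe", ".msix")

# Assumed proxy log layout: "<ts> <client> <method> <url> <status> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)

# Constructed sample lines (hosts and repos other than babka98/horinis are made up).
SAMPLE_LOG = """\
2026-03-28T08:01:12Z 10.0.0.15 GET https://github.com/babka98/horinis/raw/main/split.msi 200 17825792
2026-03-28T08:02:40Z 10.0.0.22 GET https://raw.githubusercontent.com/babka98/horinis/main/Toshi2.msi 200 16777216
2026-03-28T08:05:03Z 10.0.0.31 GET https://github.com/example-org/example-tool/releases/download/v1.2.0/example-tool.msi 200 4194304
2026-03-28T08:06:11Z 10.0.0.40 GET https://github.com/example-org/example-tool/blob/main/README.md 200 2048
2026-03-28T08:09:27Z 10.0.0.52 GET https://github.com/some-user/some-project/blob/main/setup.msi?raw=true 200 9437184
"""


@dataclass
class Finding:
    client: str
    url: str
    repo: Optional[str]
    kind: str      # release_asset | blob_or_raw | other
    verdict: str   # block | suspicious | info


def classify_github_url(url: str) -> tuple[Optional[str], str]:
    """Return (owner/repo, path kind) for a GitHub URL; (None, "other") if not GitHub."""
    p = urlparse(url)
    host = p.hostname or ""
    if host not in GITHUB_HOSTS:
        return None, "other"
    parts = [s for s in p.path.split("/") if s]
    repo = "/".join(parts[:2]) if len(parts) >= 2 else None
    if host == "raw.githubusercontent.com":
        return repo, "blob_or_raw"          # raw host always serves repo content directly
    if len(parts) >= 4 and parts[2] == "releases" and parts[3] == "download":
        return repo, "release_asset"        # the path shape of a published release asset
    if len(parts) >= 3 and parts[2] in ("blob", "raw"):
        return repo, "blob_or_raw"          # file pulled straight out of the tree
    return repo, "other"


def verdict_for(url: str, repo: Optional[str], kind: str) -> str:
    """Apply the post's heuristic: installers from blob/raw paths are suspicious,
    release assets are merely noted, and a feed-flagged repo is blocked outright."""
    path = urlparse(url).path.lower()       # query string (?raw=true) is excluded
    is_installer = path.endswith(INSTALLER_EXTS)
    if repo in BLOCKED_REPOS:
        return "block"
    if is_installer and kind == "blob_or_raw":
        return "suspicious"
    if is_installer and kind == "release_asset":
        return "info"
    return "allow"


def scan_proxy_log(text: str) -> list[Finding]:
    """Scan log text and return only the GitHub requests that deserve attention."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue                        # skip lines that do not fit the assumed layout
        url = m["url"]
        repo, kind = classify_github_url(url)
        if repo is None:
            continue                        # not GitHub, or no owner/repo in the path
        verdict = verdict_for(url, repo, kind)
        if verdict != "allow":
            findings.append(Finding(m["client"], url, repo, kind, verdict))
    return findings


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.kind:14} {f.repo:30} {f.client} {f.url}")
```

On the sample input this yields two `block` hits for the flagged repo, one `info` entry for the release asset, and one `suspicious` entry for the `blob/main/setup.msi?raw=true` download; the README fetch is ignored. One caveat for real deployments: a browser following a release-asset link is redirected to an `objects.githubusercontent.com` URL, so a proxy that logs only the final request may need that host mapped back to the originating repo before this kind of rule can be applied.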
PreCog doesn't sleep. The STIX feed doesn't sleep. The watchdog doesn't sleep.
We do, occasionally. But we check the dashboard first thing when we wake up.
Patrick Duggan is the founder of DugganUSA LLC. He was drinking coffee when PreCog found the malware. The system that catches things while humans sleep is the product. The STIX feed is free.
Her name was Renee Nicole Good.
His name was Alex Jeffery Pretti.