A malvertising campaign targeted Russian organizations using malicious payloads camouflaged as document templates and hosted on GitHub. The malware cocktail was designed to encrypt victims’ data and steal cryptocurrency. According to ESET Research, the attackers used malware to distribute the modular Buhtrap banking Trojan, also known as Ratopak [1, 2, 3, 4, 5], the RTM banking Trojan, and the ClipBanker Trojan. The malicious actors used two GitHub repositories to host six malware payloads, which were frequently switched, with most being signed using multiple code-signing certificates.
Source: https://www.bleepingcomputer.com/news/security/github-hosted-malware-targets-accountants-with-ransomware/

