Researchers have uncovered a tool aimed at targeting GitHub users, distributed on a cybercrime forum. It offers bulk developer credential theft and the ability to conduct further malicious activities, including supply chain attacks.