Kaspersky Warns of Fake GitHub Projects Hosting Malware to Steal Crypto and Credentials

Author

Ruholamin Haqshanas

About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto…

Cybersecurity firm Kaspersky has issued a warning about a widespread malware campaign targeting users on GitHub.

Hackers have created hundreds of fake repositories designed to deceive users into downloading crypto and credential-stealing malware.

In a report released on February 24, Kaspersky analyst Georgy Kucherin revealed that the campaign, dubbed “GitVenom,” involves cybercriminals setting up fraudulent projects on GitHub that appear legitimate but contain remote access trojans (RATs), info-stealers, and clipboard hijackers.

These malicious tools are engineered to steal cryptocurrency, login credentials, and browsing history from unsuspecting victims.

Many of these fake projects claim to offer useful software, such as a Telegram bot for managing Bitcoin wallets or a tool to automate Instagram interactions.

To make the repositories look convincing, hackers have included detailed documentation, possibly generated using artificial intelligence tools, and manipulated GitHub’s version history to show frequent updates.

Kucherin explained that the attackers even added timestamp files that updated every few minutes to create the illusion of active development.
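A triage heuristic for the padded commit history described above, as an added example that is not taken from Kaspersky's report or from the article: it parses `git log` output from a cloned repository and flags a history dominated by commits that touch one file only, minutes apart. The file name `timestamp.txt`, the thresholds and both sample logs are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import median

def parse_log(text):
    """Parse `git log --name-only --date=iso-strict --pretty=format:'@%H|%ad'` output."""
    commits = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("@"):
            sha, when = line[1:].split("|", 1)
            commits.append((sha, datetime.fromisoformat(when), []))
        elif line and commits:
            commits[-1][2].append(line)  # a path changed by the current commit
    return commits

def heartbeat_report(commits, min_share=0.8, max_gap_s=600):
    """Flag a history dominated by commits that touch only one file, minutes apart.
    Thresholds are assumptions for triage, not values from the Kaspersky report."""
    single = [c for c in commits if len(c[2]) == 1]
    if not single:
        return {"path": None, "share": 0.0, "median_gap_s": None, "suspicious": False}
    path, count = Counter(c[2][0] for c in single).most_common(1)[0]
    times = sorted(c[1] for c in single if c[2][0] == path)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    share = count / len(commits)
    med = median(gaps) if gaps else None
    return {"path": path, "share": round(share, 2), "median_gap_s": med,
            "suspicious": share >= min_share and med is not None and med <= max_gap_s}

def make_log(entries):
    """Build constructed log text from (offset_minutes, [paths]) pairs."""
    t0 = datetime(2024, 11, 1, 10, 0, tzinfo=timezone.utc)
    return "\n\n".join(
        f"@{i:040x}|{(t0 + timedelta(minutes=m)).isoformat()}\n" + "\n".join(paths)
        for i, (m, paths) in enumerate(entries))

# Constructed sample 1: two ordinary-looking commits, then 18 commits that only
# rewrite a hypothetical "timestamp.txt" every 5 minutes.
PADDED_LOG = make_log([(0, ["README.md", "bot/main.py"]), (3, ["bot/wallet.py"])] +
                      [(10 + 5 * k, ["timestamp.txt"]) for k in range(18)])
# Constructed sample 2: ordinary history, multi-file commits a day apart.
NORMAL_LOG = make_log([(1440 * d, ["src/app.py", "tests/test_app.py"]) for d in range(6)] +
                      [(9000, ["README.md"])])

if __name__ == "__main__":
    for name, log in (("padded", PADDED_LOG), ("normal", NORMAL_LOG)):
        print(name, heartbeat_report(parse_log(log)))
```

A hit is a reason to read the code before running it, not proof of malice: scheduled jobs that commit generated data produce the same pattern, and author dates in a Git history can be set to arbitrary values.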

Despite their professional appearance, these projects do not function as advertised. Kaspersky’s investigation found that they performed meaningless tasks while secretly running malware in the background.

The cybersecurity firm discovered that several of these malicious projects have existed for at least two years, suggesting that the attackers’ methods have been effective at luring victims over an extended period.

Once downloaded, the malware activates various components designed to extract sensitive data.

Info-stealers target saved login details, cryptocurrency wallet information, and browsing history, transmitting the stolen data to the hackers through Telegram.

Clipboard hijackers monitor users’ copied text for crypto wallet addresses and replace them with addresses controlled by the attackers, potentially redirecting funds during transactions.

The impact of the campaign has been significant.

In one instance documented in November 2024, a hacker-controlled wallet received five Bitcoin, valued at approximately $442,000.

While the GitVenom campaign has been detected globally, Kaspersky noted that it has disproportionately targeted users in Russia, Brazil, and Turkey.

Kucherin warned that given the widespread use of platforms like GitHub by millions of developers worldwide, threat actors are likely to continue leveraging fake software projects as an infection method.

Crypto Market Lost $1.49B to Hacks in 2024

As reported, the crypto industry witnessed losses totaling $1.49 billion in 2024 due to hacks and fraud, marking a 17% decrease from 2023.

According to a report by blockchain security platform Immunefi, hacks were overwhelmingly the primary cause, accounting for $1.47 billion or 98.1% of the total losses across 192 incidents.

Fraud, including rug pulls and scams, represented just 1.9% of the losses at $28 million, though this category saw a 72% increase year-on-year.

The decline in total crypto losses reflects improved security measures, as the number of successful attacks also fell by 27.5%, from 320 in 2023 to 232 in 2024.
