Cybercriminals have initiated a sophisticated attack that targets GitHub users. They are utilizing fake repositories to disseminate malware that steals personal data and cryptocurrency. Kaspersky, a security firm, has identified more than 200 repositories that deceive unsuspecting developers and merchants by posing as legitimate open-source projects.
Deceptive Repositories Inundate GitHub
The perpetrators of this scheme have designed their repositories to look credible, often depicting them as solutions for automating Instagram interactions or managing Bitcoin wallets. These bogus projects aim to convince consumers of their authenticity by employing professional descriptions, regular updates, and meticulously produced documentation.
Victims who fall to the trap install malware from these fraudulent repositories. Infected files contain remote access trojans (RATs), clipboard hijackers, and data-extracting software, allowing attackers to retrieve browser histories, cryptocurrency wallet details, and login credentials.
GitHub Malware Alert ⚠️
Our Global Research & Analysis Team (GReAT) uncovered GitVenom—a stealthy, multi-stage #malware campaign exploiting open-source code. Infected repositories targeted #gamers and #crypto investors, hijacking wallets and siphoning $485,000 in #Bitcoin.
Get… pic.twitter.com/YhZJbSHCBV
— Kaspersky (@kaspersky) February 26, 2025
Malware Sends Stolen Data Via Telegram
When installed, the malware sends away the captured data to hackers through Telegram. Attackers use this secured messaging app to obtain sensitive information while remaining undetectable. In some cases, the malware alters clipboard information, which causes cryptocurrency transactions to be redirected to wallets controlled by the hackers.
The magnitude of the operation is a cause for concern. According to Kaspersky, one user lost 5 Bitcoins, valued at approximately $442,000, as a result of the hack. Kaspersky has monitored numerous incidents from different countries: Russia, Brazil, and Turkey are the most severely affected.
BTCUSD trading at $87,721 on the daily chart: TradingView.com
The GitVenom
In a February 24 report, Kaspersky analyst Georgy Kucherin stated that hackers had created hundreds of repositories on GitHub containing fictitious projects that contain remote access trojans (RATs), info-stealers, and clipboard hijackers as part of the malware operation, which the company named “GitVenom.”
Kucherin added the malware creators made a huge effort to make the projects look legitimate by including well-designed instruction files that were possibly generated with the use of artificial intelligence programs.
Extreme Caution A Must
Kaspersky urged users to “be extra cautious about downloading code from GitHub.” If you wish to reduce the possibility of becoming a victim of such attacks, maximum security measure is essential. This may involve scanning downloaded files for viruses, avoiding repositories with low activity or recent creation dates, and reviewing and verifying the history of repository owners.
As new cyber threats arise, users need to be alert in protecting their valuables. Modern social engineering and phishing techniques are sophisticated enough to outwit even the most experienced of programmers. To reduce the chance of potential threats in the future, it is ideal to remain cognizant and maintain rigorous security protocols.
Featured image from Gemini Imagen, chart from TradingView
