Kaspersky has identified several malicious apps circulating in the repository
Hackers are using GitHub to distribute fake projects designed to steal cryptocurrency and sensitive information, according to cybersecurity firm Kaspersky. The campaign, dubbed “GitVenom,” involves the creation of hundreds of fraudulent repositories that trick users into downloading malware disguised as legitimate software. These projects often claim to offer tools for managing Bitcoin wallets or automating social media interactions, but instead, they deliver harmful code.
Kaspersky analyst Georgy Kucherin reported that the cybercriminals behind these fake projects go to great lengths to make them appear authentic. They add detailed instruction files, likely generated by AI, and artificially inflate activity levels by frequently updating a timestamp file. These tactics create the illusion of active development, making the repositories seem more trustworthy to unsuspecting users.
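One way to screen a cloned repository for the activity padding described above, as an added example that is not from Kaspersky's report: it measures how much of the commit history consists of commits touching one and the same single file. The `@` commit marker, the file name `timestamp.txt`, the thresholds, and the sample log are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in the shape of: git log --name-only --pretty=format:"@%h"
# One real commit followed by nine commits that only touch a timestamp file.
SAMPLE_LOG = "@c0\nmain.py\nREADME.md\n\n" + "".join(
    f"@c{i}\ntimestamp.txt\n\n" for i in range(1, 10)
)

def parse_commits(log_text):
    """Return one set of changed paths per commit in the log text."""
    commits = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("@"):      # assumed marker from the format string
            commits.append(set())
        elif line and commits:
            commits[-1].add(line)
    return commits

def activity_padding(log_text, min_commits=5, threshold=0.8):
    """Flag histories dominated by commits that change only one file.

    min_commits and threshold are illustrative defaults, not values
    taken from the report.
    """
    # Ignore commits with no file changes (for example, merges).
    commits = [c for c in parse_commits(log_text) if c]
    single = Counter(next(iter(c)) for c in commits if len(c) == 1)
    if not single:
        return {"commits": len(commits), "file": None,
                "ratio": 0.0, "suspicious": False}
    path, count = single.most_common(1)[0]
    ratio = count / len(commits)
    return {"commits": len(commits), "file": path, "ratio": ratio,
            "suspicious": len(commits) >= min_commits and ratio >= threshold}

if __name__ == "__main__":
    print(activity_padding(SAMPLE_LOG))
```

A high ratio is only a prompt to read the code more carefully before running it; changelog or version-bump automation in legitimate projects can produce similar histories.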
Once downloaded, the malware in these projects installs remote access trojans, info-stealers, and clipboard hijackers. The info-stealer collects saved credentials, browsing history, and cryptocurrency wallet data, sending them to hackers via Telegram.
Meanwhile, the clipboard hijacker targets copied cryptocurrency wallet addresses, replacing them with addresses controlled by the attackers. This method allows cybercriminals to redirect funds without the victim noticing.
Kaspersky’s investigation found that this tactic has been in use for at least two years, indicating its effectiveness in deceiving users. The firm noted that at least one victim unknowingly sent 5 Bitcoin, worth around $442,000, to a hacker-controlled wallet in November. While the GitVenom campaign has been observed globally, users in Russia, Brazil, and Turkey appear to be primary targets.
Security experts warn that hackers will likely continue refining these tactics to maintain their effectiveness. Developers and cryptocurrency users are advised to carefully review third-party code before downloading to avoid falling victim to these scams.