"GitVenom: Crypto Users Fall for Massive GitHub Malware Scam"
Cybersecurity firm Kaspersky has recently warned of a massive scam targeting crypto users on GitHub. The scam, dubbed "GitVenom," involves hackers creating fake repositories to trick users into downloading malware that steals credentials and targets cryptocurrency. This campaign has been active for at least two years and has resulted in significant financial losses for victims.
The GitVenom campaign has been flooding GitHub with hundreds of fake repositories, claiming to offer useful software tools such as a Telegram bot for managing Bitcoin wallets and an automation tool for Instagram account interactions. However, these projects are actually designed to deliver malicious payloads that siphon sensitive user information. The attackers have gone to great lengths to make these repositories appear legitimate, including incorporating well-designed instruction files and manipulating GitHub's activity metrics.
Once downloaded and executed, the fake software injects multiple malicious components into the victim's system. These include info-stealer malware, clipboard hijackers, and remote access trojans (RATs). The info-stealer malware extracts saved credentials, browsing history, and cryptocurrency wallet data, while clipboard hijackers replace copied crypto wallet addresses with ones controlled by the attackers. RATs allow attackers to take control of an infected system, potentially installing additional malware or stealing more data.
The GitVenom campaign has been detected worldwide, with Russia, Brazil, and Turkey being among the primary targets. These regions have significant cryptocurrency adoption rates, making them attractive hunting grounds for cybercriminals seeking to intercept transactions and steal user credentials. The campaign has resulted in at least one victim unknowingly transferring a large sum of Bitcoin to an attacker's wallet after their clipboard was hijacked.
This attack highlights the increasing use of code-sharing platforms like GitHub as malware distribution hubs. As millions of developers rely on GitHub for open-source projects, cybercriminals exploit trust in the platform to distribute malicious software. Kaspersky warns that such tactics will likely continue evolving, and users must remain vigilant when downloading third-party code. To mitigate the risk of falling victim to fake repositories, Kaspersky advises developers and users to verify the legitimacy of repositories, check the history of commits and contributors, analyze the code before execution, and avoid downloading software from unknown sources.
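As an added example (not from Kaspersky or the original article), the "check the history of commits and contributors" step can be partly automated on a local clone before any code is run. The sketch below parses `git log` output and flags long histories that come from a single author or consist mostly of changes to one file; the thresholds, the sample data, and names such as `notes.txt` and `dev-one` are constructed assumptions.

```python
import subprocess
from collections import Counter

LOG_ARGS = ["log", "--format=@@%H|%an", "--name-only"]  # '@@' starts each commit record

def read_git_log(repo_path):
    """Read history from a local clone; nothing from the repository is executed."""
    return subprocess.run(["git", "-C", repo_path, *LOG_ARGS],
                          capture_output=True, text=True, check=True).stdout

def parse_log(text):
    """Parse the log text into a list of (author, [files changed])."""
    commits = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("@@"):
            _sha, author = line[2:].split("|", 1)
            commits.append((author, []))
        elif line and commits:
            commits[-1][1].append(line)
    return commits

def triage(commits, one_file_share=0.8, min_commits=20):
    """Flag padded-looking histories. Both thresholds are assumed, not from the article."""
    authors = {author for author, _ in commits}
    single = Counter(files[0] for _, files in commits if len(files) == 1)
    top_file, top_count = single.most_common(1)[0] if single else (None, 0)
    share = top_count / len(commits) if commits else 0.0
    flags = []
    if len(commits) >= min_commits:
        if share >= one_file_share:
            flags.append(f"{share:.0%} of commits change only '{top_file}'")
        if len(authors) == 1:
            flags.append("long history from a single author")
    return {"commits": len(commits), "authors": len(authors),
            "top_single_file": top_file, "flags": flags}

def _constructed_sample():
    """Constructed input: one real-looking commit, then 29 one-file touch-ups."""
    rows = ["@@c0|dev-one", "", "README.md", "bot.py", "setup.py"]
    for i in range(1, 30):
        rows += [f"@@c{i}|dev-one", "", "notes.txt"]
    return "\n".join(rows)

SAMPLE_LOG = _constructed_sample()

if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```

A flag here is only a reason to read the code more closely before running it; a clean result does not show that a repository is safe.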