GitHub Hack: Crypto Thieves Exploit Popularity

Cybercriminals are exploiting the popularity of GitHub, the world's largest code-sharing platform, to create fake projects with the sole purpose of stealing cryptocurrency and sensitive user data. According to a report by cybersecurity firm Kaspersky, the campaign, dubbed "GitVenom," has seen hackers create hundreds of repositories hosting malicious software that includes remote access trojans (RATs), info-stealers, and clipboard hijackers.

The fake projects, which range from a Telegram bot for managing Bitcoin wallets to a tool for automating Instagram account interactions, are designed to appear legitimate. The hackers behind these projects go to great lengths to make them seem authentic, including well-designed instruction files and artificially inflating the number of commits to give the impression of active development.

Upon closer inspection, however, these projects do not implement the features discussed in the instruction and explainer files. Instead, they perform meaningless actions and contain malicious payloads that download components such as info stealers, which collect saved credentials, cryptocurrency wallet data, and browsing history, and upload it to the hackers through Telegram. Another malicious component uses a clipboard hijacker that seeks crypto wallet addresses and replaces them with attacker-controlled ones.

The GitVenom campaign has been active for at least two years and has successfully targeted users worldwide, with a particular focus on Russia, Brazil, and Turkey. In one instance, a hacker-controlled wallet received 5 Bitcoin (BTC), currently worth around $442,000, after a user fell victim to the malware in November.

Kaspersky analyst Georgy Kucherin warns that the use of fake software as an infection lure will continue, given the widespread use of code-sharing platforms like GitHub by millions of developers worldwide. He advises users to be cautious and check the actions performed by any third-party code before downloading it. While the tactics, techniques, and procedures of the attackers may evolve, the threat of fake projects on GitHub remains a significant concern for users and cybersecurity professionals alike.