Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm Kaspersky has warned.
The campaign, dubbed “GitVenom,” involves attackers creating seemingly legitimate projects filled with malicious code that infects users’ devices upon download.
These repositories are designed to target developers, crypto users, and businesses relying on open-source software.
Kaspersky’s research, published on February 24, highlights how threat actors manipulate GitHub’s platform to make their repositories appear credible.
By leveraging artificial intelligence to generate documentation and updating timestamps to suggest active development, hackers trick unsuspecting users into downloading and executing malware.
The risks extend beyond developers looking for open-source tools.
The malware in these repositories includes info-stealers, remote access trojans (RATs), and clipboard hijackers, all aimed at siphoning credentials, cryptocurrency wallets, and personal data.
With cybercriminals continuously refining their tactics, GitHub users are facing an evolving cybersecurity threat that extends across multiple industries.
Malware disguised as software
Kaspersky’s report details how hackers are using deceptive tactics to push malware under the guise of helpful tools.
Many fake repositories claim to offer software such as Telegram bots for managing Bitcoin wallets or automation tools for social media platforms like Instagram.
In reality, these projects serve as a front for distributing malware designed to harvest sensitive data.
Once installed, the malware activates and begins extracting login credentials, cryptocurrency wallet information, and browsing history.
The stolen data is then transmitted to attackers via Telegram, allowing them to access accounts and steal funds remotely.
Clipboard hijackers further increase the risk by monitoring copied wallet addresses and replacing them with hacker-controlled addresses—redirecting transactions to cybercriminals.
Kaspersky’s social media post (9:34 AM, Feb 26, 2025): “GitHub Malware Alert ⚠️ Our Global Research & Analysis Team (GReAT) uncovered GitVenom—a stealthy, multi-stage #malware campaign exploiting open-source code. Infected repositories targeted #gamers and #crypto investors, hijacking wallets and siphoning $485,000 in #Bitcoin. Get…”
Kaspersky’s research found that many of these malicious projects have been active for at least two years, highlighting their effectiveness in deceiving victims.
The sophistication of these attacks suggests that cybercriminals have identified GitHub as a lucrative vector for distributing malware, and they are likely to continue refining their techniques.
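As an added example (not from the Kaspersky report or this article), one defender-side check for the fake-activity signal described above: a heuristic that parses `git log --name-only` output and flags a repository whose recent commits only ever touch README, docs or CI metadata while no code changes. The git-log text and the `make_log` helper that builds it are constructed for the demonstration.

```python
import re

# Paths whose churn signals maintenance theatre rather than real development.
# Constructed heuristic for this example, not a Kaspersky detection rule.
DOC_ONLY = re.compile(r"(^|/)(README[^/]*|LICENSE|CHANGELOG[^/]*|docs/.*|\.github/.*)$", re.I)

def parse_git_log(text):
    """Return one list of touched files per commit (newest first) from
    `git log --name-only` output; header and indented message lines are skipped."""
    commits = []
    for line in text.splitlines():
        if line.startswith("commit "):
            commits.append([])
        elif not line or line.startswith((" ", "Author:", "Date:", "Merge:")):
            continue
        elif commits:
            commits[-1].append(line.strip())
    return commits

def is_doc_only(files):
    return bool(files) and all(DOC_ONLY.search(f) for f in files)

def vet_activity(log_text, window=6, threshold=0.8):
    """Flag a repo whose recent commits are (almost) all documentation churn."""
    commits = parse_git_log(log_text)[:window]
    ratio = sum(map(is_doc_only, commits)) / len(commits) if commits else 0.0
    return {"commits_checked": len(commits),
            "doc_only_ratio": round(ratio, 2),
            "suspicious": len(commits) >= 3 and ratio >= threshold}

def make_log(*commits):
    """Build constructed `git log --name-only`-style text from file lists."""
    return "\n".join(f"commit {i}\nDate:   2025-01-0{i}\n\n    update\n\n" + "\n".join(files) + "\n"
                     for i, files in enumerate(commits, 1))

# Constructed samples: a repo that only ever edits README/CI metadata vs. one that changes code.
FAKE_ACTIVITY = make_log(["README.md"], ["docs/INSTALL.md", ".github/workflows/ci.yml"], ["README.md"])
REAL_ACTIVITY = make_log(["README.md"], ["src/bot.py", "tests/test_bot.py"], ["src/wallet.py"])
```

A low commit count or a ratio near 1.0 is only a prompt to read the history and the code before running anything, not proof of malice.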
Crypto thefts linked to GitVenom
The impact of the GitVenom campaign has been significant, with hackers successfully siphoning funds from unsuspecting victims.
In one instance reported in November 2024, a hacker-controlled wallet received five Bitcoin, valued at approximately $442,000 at the time.
While the malware-ridden GitHub repositories have been discovered worldwide, Kaspersky notes that users in Russia, Brazil, and Turkey have been disproportionately affected.
Given the vast number of developers and businesses relying on GitHub for software development, these attacks could escalate if proactive security measures are not adopted.
The increasing use of AI-generated documentation and deceptive update logs suggests that threat actors are evolving their methods to avoid detection.
Security researchers warn that unless GitHub and its users implement stricter vetting processes, similar malware campaigns will persist, leading to more credential thefts and financial losses.
Crypto industry lost $1.49B in 2024
Kaspersky’s findings align with broader cybersecurity trends in the crypto space.
According to a report from blockchain security firm Immunefi, the crypto industry suffered $1.49 billion in losses due to hacks and fraud in 2024.
This marked a 17% decline from 2023, yet hacking incidents remained the primary cause of financial losses.
Of the total $1.49 billion lost, $1.47 billion—98.1%—was attributed to hacks, with 192 documented incidents.
Fraud, including rug pulls and exit scams, accounted for $28 million, representing only 1.9% of the total losses.
However, fraud cases surged by 72% year-on-year, reflecting a growing sophistication in cybercriminal tactics.
While the decline in overall losses suggests improved security measures, the number of attacks remains high.
In 2023, 320 hacking incidents were reported, compared to 232 in 2024—a 27.5% reduction.
Cybersecurity experts warn that despite the progress, platforms like GitHub continue to be exploited, and more targeted security strategies are necessary to mitigate risks.
As cybercriminals refine their approaches, organisations and developers must exercise caution when downloading software from open-source platforms.
The rise of AI-generated fake repositories, coupled with the ongoing threat of crypto-related cyberattacks, underscores the need for enhanced verification methods to prevent large-scale financial losses.
The post Kaspersky warns of malware-ridden GitHub projects: how hackers are stealing credentials appeared first on Invezz