Cybercriminals Exploit GitHub to Distribute Crypto Malware
26.02.2025 20:00 2 min. read Kosta Gushterov
Cybercriminals are increasingly targeting GitHub users by creating deceptive repositories to spread malware, particularly designed to steal sensitive information like cryptocurrency details and personal credentials. A
A recent report from Kaspersky highlights a rising trend of fake projects that trick unsuspecting developers into downloading malicious software under the guise of legitimate tools.
These fake repositories, part of a campaign called “GitVenom,” feature software that masquerades as useful programs, such as Bitcoin wallet managers or Instagram automation tools. However, beneath the surface, the software is equipped with hidden threats like remote access trojans (RATs) and clipboard hijackers, which can collect user data and even replace crypto wallet addresses with those controlled by the attackers.
Kaspersky’s investigation reveals that these hackers have been active for over two years, creating convincing-looking projects with AI-generated documentation and regular “updates” to maintain the illusion of legitimacy. Despite the appearance of activity, the projects typically do very little, performing only meaningless tasks that disguise their true intentions.
The malware from these fake repositories has proven to be highly effective. In one instance, it led to a theft of 5 Bitcoin, worth about $442,000. Regions like Russia, Brazil, and Turkey have been particularly targeted by the attackers, but their reach is global.
Given the popularity of code-sharing platforms like GitHub, Kaspersky warns that these types of scams will continue, urging developers to be cautious about third-party code and verify what actions it performs before running it.
-
1
Argentina Clears Milei of Wrongdoing in LIBRA Memecoin Controversy
10.06.2025 8:00 1 min. read -
2
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
27.06.2025 16:30 2 min. read -
3
U.S. Court Cracks Down on Early Crypto Fraud With Massive Fine
14.06.2025 10:00 1 min. read -
4
Shaquille O’Neal Agrees to $1.8M Settlement Over FTX Endorsement Lawsuit
15.06.2025 21:00 1 min. read -
5
Iran Limits Crypto Trading Hours After Politically Charged Hack on Nobitex
20.06.2025 11:00 1 min. read
Pennsylvania Man Sentenced to 8 Years for $40M Crypto Ponzi Scheme
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.
Crypto Users Targeted as Cointelegraph and CoinMarketCap Fall to Front-End Hacks
A new breed of cyber-attack is sweeping through crypto media, exploiting site pop-ups and wallet-connect prompts instead of smart-contract bugs.
CoinMarketCap Potentially Compromised in Ongoing Front-End Attack
CoinMarketCap, one of the most widely used crypto data tracking platforms, is reportedly facing a front-end security breach, with multiple users encountering a suspicious prompt to verify their wallets.
-
1
Argentina Clears Milei of Wrongdoing in LIBRA Memecoin Controversy
10.06.2025 8:00 1 min. read -
2
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
27.06.2025 16:30 2 min. read -
3
U.S. Court Cracks Down on Early Crypto Fraud With Massive Fine
14.06.2025 10:00 1 min. read -
4
Shaquille O’Neal Agrees to $1.8M Settlement Over FTX Endorsement Lawsuit
15.06.2025 21:00 1 min. read -
5
Iran Limits Crypto Trading Hours After Politically Charged Hack on Nobitex
20.06.2025 11:00 1 min. read