Cybercriminals Exploit GitHub to Distribute Crypto Malware
26.02.2025 20:00 2 min. read Kosta Gushterov
Cybercriminals are increasingly targeting GitHub users by creating deceptive repositories to spread malware, particularly designed to steal sensitive information like cryptocurrency details and personal credentials. A
A recent report from Kaspersky highlights a rising trend of fake projects that trick unsuspecting developers into downloading malicious software under the guise of legitimate tools.
These fake repositories, part of a campaign called “GitVenom,” feature software that masquerades as useful programs, such as Bitcoin wallet managers or Instagram automation tools. However, beneath the surface, the software is equipped with hidden threats like remote access trojans (RATs) and clipboard hijackers, which can collect user data and even replace crypto wallet addresses with those controlled by the attackers.
Kaspersky’s investigation reveals that these hackers have been active for over two years, creating convincing-looking projects with AI-generated documentation and regular “updates” to maintain the illusion of legitimacy. Despite the appearance of activity, the projects typically do very little, performing only meaningless tasks that disguise their true intentions.
The malware from these fake repositories has proven to be highly effective. In one instance, it led to a theft of 5 Bitcoin, worth about $442,000. Regions like Russia, Brazil, and Turkey have been particularly targeted by the attackers, but their reach is global.
Given the popularity of code-sharing platforms like GitHub, Kaspersky warns that these types of scams will continue, urging developers to be cautious about third-party code and verify what actions it performs before running it.
-
1
Ex-Government Official in China Sentenced for Bitcoin Money Laundering
09.02.2025 16:00 2 min. read -
2
Here’s How North Korean Hackers Stole $1.5 Billion from Bybit
22.02.2025 22:00 2 min. read -
3
Cybercriminals Exploit GitHub to Distribute Crypto Malware
26.02.2025 20:00 2 min. read -
4
Chicago Family Held Hostage in $15 Million Cryptocurrency Kidnapping Plot
13.02.2025 18:00 2 min. read -
5
FBI Cracks Down on Crypto Scam, Prevents $285 Million in Losses
14.02.2025 22:00 1 min. read
Infini Hit by $50M Exploit as Insider Suspect Emerges
Infini, a stablecoin payment firm, lost $50 million in what appears to be an inside job.
Here’s How North Korean Hackers Stole $1.5 Billion from Bybit
A major breach rocked the cryptocurrency exchange Bybit on Friday when Lazarus, North Korea’s notorious hacking group, stole over $1.5 billion in Ethereum and derivative tokens.
North Korea Identified as Culprit Behind Biggest Crypto Hack in History
North Korea’s Lazarus Group has been identified as the mastermind behind a massive $1.4 billion Ethereum heist targeting cryptocurrency exchange Bybit, according to blockchain investigator ZachXBT.
BREAKING: Bybit Reportedly Hacked as Over $1.4B in Crypto Drained
Bybit, one of the leading cryptocurrency exchanges, has reportedly suffered a major security breach, with over $1.4 billion worth of digital assets drained from the platform.
-
1
Ex-Government Official in China Sentenced for Bitcoin Money Laundering
09.02.2025 16:00 2 min. read -
2
Here’s How North Korean Hackers Stole $1.5 Billion from Bybit
22.02.2025 22:00 2 min. read -
3
Cybercriminals Exploit GitHub to Distribute Crypto Malware
26.02.2025 20:00 2 min. read -
4
Chicago Family Held Hostage in $15 Million Cryptocurrency Kidnapping Plot
13.02.2025 18:00 2 min. read -
5
FBI Cracks Down on Crypto Scam, Prevents $285 Million in Losses
14.02.2025 22:00 1 min. read
