Cybercriminals are using GitHub to trick developers into downloading malware that steals cryptocurrencies and login credentials.
According to cybersecurity firm Kaspersky, the campaign, called “GitVenom,” involves hackers creating hundreds of fake repositories. These projects appear legitimate but contain harmful code that can take over a victim’s device.
How Hackers Are Targeting Developers
Kaspersky researcher Georgy Kucherin revealed that the attackers are using open-source platforms to distribute malware. Many developers rely on GitHub to find useful code, often without checking if it is safe.
Cybercriminals take advantage of this by uploading projects that seem helpful, such as a Telegram bot for managing Bitcoin wallets or an automation tool for Instagram.
These repositories are carefully designed to look real. They include detailed README files, multiple tags, and frequent updates to appear trustworthy.
However, once a developer downloads and runs the code, malware is activated. The hackers use different programming languages, including Python, JavaScript, C, C++, and C#.
What Happens When a System is Infected?
Once the malicious code is executed, the infection process begins. In JavaScript-based projects, a hidden function launches the attack. The malware then downloads extra tools from another hacker-controlled GitHub repository.
After the system is compromised, multiple programs start working together to steal data. A Node.js-based stealer collects saved passwords, browsing history, and cryptocurrency wallet details. It then sends this information to the attackers via Telegram.
More dangerous tools, like AsyncRAT and Quasar, take full control of the device. These remote access trojans (RATs) can log keystrokes, capture screenshots, and spy on user activity without being detected.
A Growing Cyber Threat
Kaspersky’s report shows that this campaign has been running for at least two years. Many of these fake projects have been downloaded worldwide, with the highest infection attempts reported in Russia, Brazil, and Turkey.
The success of this method suggests that hackers will continue using it, possibly with slight modifications to avoid detection.
The rise of cryptocurrency-related cybercrimes has made GitHub a prime target. Many investors and developers rely on open-source software to manage their digital assets. Hackers exploit this trust by inserting malware into popular repositories, making it easier to steal funds.
How Developers Can Stay Safe
Cyberattacks involving malware have been increasing worldwide. Hackers are using more advanced methods to infect systems, steal sensitive data, and take control of devices.
The rise of cryptocurrency and remote work has given cybercriminals new opportunities to target individuals and businesses.
With millions of developers using GitHub, the risk of encountering malicious software is high. Cybersecurity experts recommend taking extra precautions before downloading and running third-party code. Developers should thoroughly review the code, check for suspicious activity, and scan files for malware.
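One way to do a first pass of that review on a cloned repository before anything is run, as an added example that is not from Kaspersky's report: the rule names, patterns and sample files below are assumptions modelled on the behaviours described in this article (a hidden function, a follow-up download from GitHub, exfiltration over Telegram), not published indicators.

```python
import re
import tempfile
from pathlib import Path

# Assumed triage heuristics modelled on the behaviours described above;
# they are not Kaspersky's indicators and will produce false positives.
RULES = {
    "telegram-bot-api": re.compile(r"api\.telegram\.org/bot", re.I),
    "github-payload-fetch": re.compile(
        r"raw\.githubusercontent\.com|github\.com/\S+/(releases/download|raw)/", re.I),
    "dynamic-exec": re.compile(r"\b(eval|exec|child_process|subprocess|Process\.Start)\b"),
    "encoded-blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
    "offscreen-code": re.compile(r"\S[ \t]{120,}\S"),  # code pushed past the editor's right edge
}
SOURCE_EXT = {".py", ".js", ".c", ".cpp", ".cs"}  # languages named in the article

def scan_repo(root):
    """Return sorted (relative_path, line_no, rule) hits for a cloned, not yet run, repo."""
    root, hits = Path(root), []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file() or path.suffix.lower() not in SOURCE_EXT:
            continue
        for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            hits += [(rel.as_posix(), no, name) for name, rx in RULES.items() if rx.search(line)]
    return sorted(hits)

def review_first(hits):
    """Files that combine code execution with a fetch, exfil channel or concealment."""
    rules_by_file = {}
    for rel, _, name in hits:
        rules_by_file.setdefault(rel, set()).add(name)
    return sorted(f for f, r in rules_by_file.items() if "dynamic-exec" in r and len(r) > 1)

def write_constructed_sample(root):
    """Constructed, inert files: one clean module and one with planted markers."""
    root = Path(root)
    (root / "util.py").write_text("def add(a, b):\n    return a + b\n")
    (root / "bot.js").write_text(
        "function start() { console.log('bot ready'); }\n"
        "start();" + " " * 130 + "require('child_process');\n"
        "const u = 'https://raw.githubusercontent.com/EXAMPLE/EXAMPLE/main/x';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_constructed_sample(d)
        hits = scan_repo(d)
        for rel, no, name in hits:
            print(f"{rel}:{no}: {name}")
        print("review first:", review_first(hits))
```

A hit only marks a line for a human to read; a clean result does not show that a repository is safe to run.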
Kaspersky warns that these attacks will likely continue. As long as GitHub remains a major platform for code sharing, cybercriminals will keep finding new ways to exploit it. Developers must remain vigilant to protect their systems and digital assets from being compromised.