GitVenom Exploits GitHub to Distribute Malware and Steal Crypto

A malware campaign known as GitVenom has been using hundreds of fake GitHub repositories to spread info-stealers, remote access trojans (RATs), and clipboard hijackers targeting cryptocurrency and credentials.

Active for at least two years, GitVenom has mainly focused on users in Russia, Brazil, and Turkey, disguising its malware as automation tools, Telegram bots, and hacking utilities.

Threat actors enhance their credibility by carefully crafting repository details, artificially increasing commit activity, and leveraging AI-generated Readme files.

Once a victim downloads and runs the malicious code, it retrieves a second-stage payload from an attacker-controlled GitHub repository, deploying tools like Node.js stealers, AsyncRAT, Quasar backdoors, and clipboard hijackers.

Kaspersky linked one incident in November 2024 to a Bitcoin wallet receiving 5 BTC, worth approximately $500,000.

To avoid falling victim to such attacks, users should scrutinize GitHub projects, scan files with security software, and be cautious of suspicious commit patterns and AI-generated documentation.
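One concrete way to act on the "suspicious commit patterns" advice: a small heuristic screen over a repository's commit log that flags bursts of near-identical commits, the kind of padding used to inflate activity. This is an added example, not code from the article or from Kaspersky's research; the log lines, hashes and author name are constructed placeholders in the shape of `git log --format=%H|%at|%an|%s`.

```python
"""Heuristic screen of a commit history for artificial activity padding:
bursts of commits with (near-)identical subject lines inside a short window.
All data below is constructed; nothing here comes from a real repository."""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the shape of `git log --format=%H|%at|%an|%s`.
# Hashes (a1..b1) and the author name are placeholders, not real values.
SAMPLE_LOG = """\
a1|1717200000|dev|Update timestamp
a2|1717200120|dev|Update timestamp
a3|1717200240|dev|Update timestamp
a4|1717200360|dev|Update timestamp
a5|1717200480|dev|Update timestamp
b1|1714000000|dev|Initial commit
"""

def parse_log(text):
    """Parse pipe-separated log lines into dicts, oldest commit first."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        h, ts, author, subject = line.split("|", 3)
        commits.append({"hash": h, "time": int(ts), "author": author, "subject": subject})
    return sorted(commits, key=lambda c: c["time"])

def find_padding(commits, window_seconds=3600, min_burst=4, max_distinct_subjects=1):
    """Return bursts of >= min_burst commits within window_seconds that share
    at most max_distinct_subjects subject lines (typical of scripted padding)."""
    bursts, i = [], 0
    while i < len(commits):
        j = i
        # Extend the run while the next commit is still inside the window.
        while j + 1 < len(commits) and commits[j + 1]["time"] - commits[i]["time"] <= window_seconds:
            j += 1
        run = commits[i:j + 1]
        subjects = Counter(c["subject"].strip().lower() for c in run)
        if len(run) >= min_burst and len(subjects) <= max_distinct_subjects:
            start = datetime.fromtimestamp(run[0]["time"], timezone.utc).isoformat()
            bursts.append({"start": start, "count": len(run), "subject": subjects.most_common(1)[0][0]})
        i = j + 1
    return bursts

def repeated_subject_ratio(commits):
    """Fraction of all commits that carry the single most common subject line."""
    if not commits:
        return 0.0
    subjects = Counter(c["subject"].strip().lower() for c in commits)
    return subjects.most_common(1)[0][1] / len(commits)

if __name__ == "__main__":
    history = parse_log(SAMPLE_LOG)
    print(find_padding(history), round(repeated_subject_ratio(history), 2))
```

Legitimate repositories with CI bots or changelog automation can also trigger these heuristics, so treat a hit as a reason to read the commits and the code, not as a verdict.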

The persistence and scale of GitVenom highlight how cybercriminals continue to exploit trusted platforms like GitHub to distribute malware effectively.
