
On the developer platform GitHub, cybersecurity specialists have discovered an active campaign that has been targeting users' computers for several years in an attempt to steal their crypto assets.
The campaign, dubbed GitVenom, was detected by researchers at the security company Kaspersky.
Their researchers found that the criminals had created hundreds of legitimate-looking repositories on GitHub containing fake projects with malicious code. These included an automation tool for interacting with Instagram accounts, a Telegram bot for managing Bitcoin wallets, and a hacking tool for the video game Valorant.
The repositories even contained well-crafted README.md files describing the projects and explaining how to compile the code, which was written in multiple programming languages.
"As expected, these projects did not implement the features described in the README.md file, and their code mostly performed meaningless actions. At the same time, each project was infected with malicious code, with its placement depending on the programming language used," the researchers said.
Moreover, to hide their criminal intentions and make the repositories appear legitimate, the threat actors also added multiple tags to their repositories and artificially inflated the number of commits made to them. The latter was achieved by placing a timestamp file in these repositories, which was updated every few minutes, Kaspersky explained.

In reality, the malicious code was designed to collect information such as saved credentials, crypto wallet data, and browsing history and send it to the attackers via Telegram. In addition, a clipboard hijacker searched clipboard contents for crypto wallet addresses and replaced them with attacker-controlled ones.
"Notably, the attacker-controlled bitcoin wallet (ID: bc1qtxlz2m6r[...]yspzt) received a lump sum of about 5 BTC (approximately 485,000 USD at the time of research) in November 2024," the researchers said.
According to them, infection attempts related to GitVenom have been observed worldwide, with the highest numbers recorded in Russia, Brazil, and Turkey.
"It is crucial to handle third-party code with extreme caution. Before running such code or integrating it into an existing project, it is paramount to thoroughly check what actions it performs," the researchers urged.
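One concrete check a reviewer can run before trusting a third-party repository follows from the commit-padding trick described above: a history in which most commits touch only one file, that file is the same every time, and the commits arrive at a near-constant short interval is a strong sign the count was inflated rather than earned. The script below is an added illustration, not code from Kaspersky or from the campaign; it parses the output of `git log --format='%H|%ct' --name-only` and scores the history. The two sample logs, the thresholds (80% single-file commits, median gap of 15 minutes or less) and the file name `timestamp.txt` are all constructed assumptions for the example.

```python
"""Heuristic check for artificially inflated git commit histories.

Reads the output of:  git log --format='%H|%ct' --name-only
and flags a history that is mostly made up of commits to one padding file
written at short, regular intervals. Sample logs and thresholds below are
constructed for illustration (not taken from any real repository).
"""
from collections import Counter
from statistics import median

# Constructed sample: six padding commits to timestamp.txt every 300 s,
# followed by one genuine commit touching real source files.
PADDED_LOG = """\
aaaaaa1|1700001500

timestamp.txt

aaaaaa2|1700001200

timestamp.txt

aaaaaa3|1700000900

timestamp.txt

aaaaaa4|1700000600

timestamp.txt

aaaaaa5|1700000300

timestamp.txt

aaaaaa6|1700000000

timestamp.txt

aaaaaa7|1699990000

README.md
src/main.py
"""

# Constructed sample of an ordinary history: varied files, irregular gaps.
NORMAL_LOG = """\
bbbbbb1|1700100000

src/main.py
tests/test_main.py

bbbbbb2|1700050000

README.md

bbbbbb3|1700000000

src/main.py
src/util.py

bbbbbb4|1699900000

setup.py

bbbbbb5|1699800000

src/util.py
"""

HEX = set("0123456789abcdef")


def parse_git_log(text):
    """Return a list of (epoch_seconds, [changed files]) in log order."""
    commits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head, sep, ts = line.partition("|")
        # A commit header is "<hex hash>|<epoch>"; anything else is a path.
        if sep and ts.isdigit() and len(head) >= 7 and set(head) <= HEX:
            commits.append((int(ts), []))
        elif commits:
            commits[-1][1].append(line)
    return commits


def inflation_report(commits, min_commits=5, single_file_ratio=0.8,
                     max_median_gap_s=900):
    """Score a parsed history; 'inflated' is True when padding dominates."""
    n = len(commits)
    single = [files[0] for _, files in commits if len(files) == 1]
    report = {"commits": n, "inflated": False, "padding_file": None,
              "padding_commits": 0, "median_gap_s": None}
    if n < min_commits or not single:
        return report
    top_file, top_count = Counter(single).most_common(1)[0]
    times = sorted(t for t, files in commits if files == [top_file])
    gaps = [b - a for a, b in zip(times, times[1:])]
    med = median(gaps) if gaps else None
    report.update(padding_file=top_file, padding_commits=top_count,
                  median_gap_s=med)
    report["inflated"] = (top_count / n >= single_file_ratio
                          and med is not None and med <= max_median_gap_s)
    return report


if __name__ == "__main__":
    for name, log in (("padded", PADDED_LOG), ("normal", NORMAL_LOG)):
        print(name, inflation_report(parse_git_log(log)))
```

On a real clone, pipe `git log --format='%H|%ct' --name-only` into `parse_git_log`; a flagged history is a reason to read the code rather than trust the activity graph, not proof of malice on its own.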