Cybercriminals are using fake GitHub repositories to spread malware that steals Bitcoin (BTC) and other cryptocurrencies, cybersecurity firm Kaspersky has warned. Kaspersky Warns Hackers Are Using Fake GitHub Code to Steal Bitcoin A malware campaign dubbed “GitVenom” has been active for at least two years and has been increasingly present on the popular code-sharing platform GitHub, according to Kaspersky's latest report. The attack begins with seemingly legitimate open-source projects, such as Telegram bots or gaming tools to manage crypto wallets, but hides malicious code designed to steal crypto assets. How Does GitVenom Work? The malware is cleverly hidden in GitHub repositories: Each project appears legitimate and often includes an AI-generated README file to build trust. Ancak, kod gizli kötü amaçlı komut dosyaları içeriyor. In Python-based projects, attackers hide malware behind 2,000 empty tab spaces in the script, which decrypts and runs a malicious payload. In JavaScript-based projects, a fake function embedded in the main file triggers a malware attack. Once activated, the malware downloads additional tools from hacker-controlled GitHub repositories. How to Steal Crypto? Once installed, GitVenom uses multiple tools to steal sensitive user data: Node.js-based password and crypto wallet thieves extract stored passwords, wallet details, and browsing history, then send them to hackers via Telegram. Remote access trojans (RATs) such as AsyncRAT and Quasar hijack a victim's device, logging keystrokes and capturing screenshots. A clipper redirects cryptocurrency transactions by replacing copied wallet addresses with those of the attacker. One such wallet received 5 BTC ($485,000) in stolen funds in November alone. Kaspersky noted that GitVenom is particularly active in Russia, Brazil, and Turkey, but its reach is global. Attackers remain undetected by imitating active development and constantly changing their coding tactics to evade antivirus detection. How to Stay Safe? Kaspersky advises developers and crypto users to: Review code carefully before running it. Verify the authenticity of any GitHub project. Be wary of overly exaggerated READMEs or inconsistent commit histories. As cyberattacks continue to increase, GitVenom is unlikely to disappear. “We expect these attacks to continue in the future, with likely minor changes in tactics,” Kaspersky concluded. *This is not investment advice. Continue Reading: Cyber Security Firm Kaspersky Revealed One of the Hackers' Theft Methods! Users in Turkey Are Also in Danger! Here Are the Details
