Attackers steal 5 Bitcoin using malware stored on GitHub

  • Kaspersky’s Global Research & Analysis Team has discovered an alarming campaign that uses GitHub to distribute malware.
  • Seemingly innocuous repositories contain malicious elements that download more malware and steal information.
  • The attack appears successful with some 5 Bitcoin being stolen using this attack method.

The Global Research & Analysis Team (GReAT) at Kaspersky has discovered an alarming campaign in which cybercriminals are storing their malware repositories on GitHub.

GReAT reports the discovery of hundreds of open source repositories containing multi-stage malware, with targets including gamers and cryptocurrency investors. The repositories pose as tools that interact with Instagram, a tool for remotely managing crypto wallets and a crack for Valorant, seemingly as lures to attract targets.

Kaspersky has labelled the campaign with the moniker GitVenom.

The lure seems to have worked, with cybercriminals allegedly stealing 5 Bitcoin last year using the malware.

Because the malware is distributed via GitHub, a reputable outlet, targets are more likely to download the software.

“As code sharing platforms such as GitHub are used by millions of developers worldwide, threat actors will certainly continue using fake software as an infection lure in the future. For that reason, it is crucial to handle processing of third-party code very carefully. Before attempting to run such code or integrate it into an existing project, it is paramount to thoroughly check what actions are performed by it. This way, it will be very easy to spot fake projects and prevent malicious code placed in them from being used to compromise the development environment,” comments Georgy Kucherin, Security Researcher at Kaspersky GReAT.

Kaspersky’s researchers believe that the attackers are using AI to write README documents, titles and more in a bid to appear more legitimate and avoid spelling and grammar mistakes. The malware is able to exfiltrate passwords, banking information, crypto wallets and just about anything on the target computer.

Of concern is the fact that these attacks have been happening for a while already.

“While investigating malicious repositories related to the GitVenom campaign, we found several fake projects published two years ago. Given that the attackers have been luring victims with these projects for several years, the infection vector is likely quite efficient. In fact, based on our telemetry, infection attempts related to GitVenom have been observed worldwide, with the highest number of them being in Russia, Brazil and Turkey,” adds Kucherin.

This should be a reason to be a bit more hesitant about trusting what is found on GitHub, or any code repository for that matter. While GitHub is a legitimate organisation, its platform is clearly being abused by bad actors, and hopefully the noise Kaspersky is making gets its attention.
