Hackers Use Fake GitHub Repositories to Steal Crypto in “GitVenom” Scam

Kaspersky's investigation also revealed evidence that some of these repositories have been active for at least two years. The scam, known as "GitVenom", appears to have a higher concentration of victims in Russia, Brazil, and Turkey, though it has been observed worldwide.

Kaspersky researcher Georgy Kucherin revealed in a February 24 report that these fraudulent repositories pretend to offer useful tools, such as a Telegram bot for managing Bitcoin BTC $88,228.08 wallets or an Instagram automation tool. However, instead of functioning as described, they install malware that grants attackers access to sensitive information.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is Basic Attention Token (BAT)? Brave Browser EASILY Explained

SUBSCRIBE

ON YOUTUBE

Hackers included detailed descriptions and instructional files, which Kaspersky suspects may have been generated with artificial intelligence (AI). They also manipulated project activity by continuously updating a timestamp file, which made it look like the repository was actively maintained.

Kaspersky found that the advertised features were non-functional, and the files executed meaningless actions while running hidden malware in the background. Once installed, the malware extracted saved credentials, browsing history, and cryptocurrency wallet details, sending them to attackers through Telegram.

Another malicious component worked as a clipboard hijacker, which monitored copied wallet addresses and replaced them with the hacker’s own. This method allowed attackers to intercept cryptocurrency transactions without the victim noticing.

On February 5, Kaspersky researchers discovered malware hidden in app development tools used to create apps for Google Play and the Apple App Store. What damage could it cause? Read the full story.