Cybersecurity firm Kaspersky has warned that hackers are using fake GitHub projects to trick people into downloading malware that steals cryptocurrency and personal data. The campaign, known as “GitVenom”, has been running for at least two years and is becoming increasingly common.
How the Scam Works
The attackers create fake GitHub repositories that mimic real software projects. Most of these projects claim to be useful tools, such as Telegram bots for Bitcoin wallets or programs for automating Instagram interactions. The hackers make the fake projects look professional by writing detailed descriptions and well-written instruction files, often produced with the help of artificial intelligence (AI).
When a victim downloads and runs the code, hidden malware activates. In the Python-based projects, the hackers hide the harmful code on a line behind thousands of blank spaces so it sits far outside the visible editor window; in the JavaScript projects, a concealed function kicks off the attack. Once triggered, the malware downloads further malicious programs from a GitHub repository controlled by the hackers.
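The whitespace trick described above is easy to spot mechanically once you know to look for it. The following checker is an added example written for this article, not Kaspersky's tooling or code from any GitVenom repository: it flags any source line in which a long run of spaces or tabs is followed by more code. The sample source, the hypothetical `run_hidden_stage()` name and the 200-character threshold are all constructed here for illustration.

```python
"""Flag source lines that hide code behind a long run of whitespace.

Added example for this article (not Kaspersky's code). Legitimate code rarely
has more than a few dozen consecutive spaces or tabs on a line, so a run of
hundreds of them followed by more text is a strong signal that something was
pushed out of view of the editor window.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed sample: a benign-looking script whose last line carries a second
# statement hidden behind 2000 spaces. The trailing call name is hypothetical.
SAMPLE_SOURCE = (
    "import requests\n"
    "\n"
    "def fetch_balance(addr):\n"
    "    return requests.get(f'https://example.invalid/{addr}').json()\n"
    "\n"
    "print('ready')" + " " * 2000 + ";run_hidden_stage()\n"
)

Hit = Tuple[int, int, str]  # (line number, length of whitespace run, what follows)


def find_padded_lines(source: str, min_run: int = 200) -> List[Hit]:
    """Return one hit per whitespace run of at least `min_run` characters that
    is followed by non-whitespace text on the same line.

    Indentation alone never trips this: it would need to be `min_run` levels
    deep, which no real code base reaches.
    """
    pattern = re.compile(r"[ \t]{%d,}(?=\S)" % min_run)
    hits: List[Hit] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in pattern.finditer(line):
            tail = line[match.end():match.end() + 60]  # preview of the hidden code
            hits.append((lineno, len(match.group(0)), tail))
    return hits


def scan_tree(root: str, extensions=(".py", ".js"), min_run: int = 200) -> Dict[str, List[Hit]]:
    """Walk a checked-out repository and report every file with padded lines.

    Files that cannot be decoded as UTF-8 are skipped rather than crashing the scan.
    """
    findings: Dict[str, List[Hit]] = {}
    for path in Path(root).rglob("*"):
        if path.suffix not in extensions or not path.is_file():
            continue
        try:
            hits = find_padded_lines(path.read_text(encoding="utf-8"), min_run)
        except UnicodeDecodeError:
            continue
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    # Run the checker over the constructed sample instead of a real repository.
    for lineno, run, tail in find_padded_lines(SAMPLE_SOURCE):
        print(f"line {lineno}: {run} whitespace chars followed by {tail!r}")
```

Run `scan_tree("path/to/cloned/repo")` over a freshly cloned project before executing anything in it; a single hit is worth opening the file with line wrapping enabled and reading what sits at the far end of the line.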
What the Malware Does
Once a computer has been infected, the malware begins to steal important information. It is a type of malware called a “stealer”, which collects passwords, browsing history and the details of cryptocurrency wallets. The stolen data is then sent to the hackers via Telegram, a popular messaging app. The attackers also deploy remote access trojans (RATs) to take control of the victim’s computer, log keystrokes or take screenshots.
Another dangerous component of GitVenom is “clipper” malware. This program watches the clipboard and replaces any cryptocurrency wallet address the victim copies with the hacker’s wallet address. In other words, if a victim attempts to send Bitcoin to someone, the funds go directly to the hacker instead. In one incident alone, this method netted the hacker 5 Bitcoin (worth approximately $485,000 at the time).
How to Stay Safe
According to Kaspersky, GitVenom is spreading globally, with most victims in Russia, Brazil and Turkey. Users should be careful when downloading code from GitHub: verify the author of a project, scan the code for malware before running it, and avoid any project that shows little activity or has a questionable history.
With threats in cyberspace constantly changing, experts advise developers and users to stay on guard and adopt good security practices to protect themselves from digital theft.