Security researchers have identified a malicious campaign named 'GitVenom' that exploits GitHub repositories to distribute malware. Kaspersky's analysis reveals that over 200 repositories have been set up, misleading users with fake projects like Telegram bots, game hacks, and automation tools across various programming languages. These repositories use techniques like false tags and misleading README files to appear legitimate, thus enticing users to download malware. The malware includes keyloggers and clipboard stealers, reportedly diverting nearly $500,000 in Bitcoin to attackers' wallets.
"In reality, the code doesn't do half of what it claims. But 'thanks' to [the README], victims end up downloading malicious components."
"These fake projects included Telegram bots, video game hacking tools, Instagram automation utilities, and Bitcoin wallet managers covering a wide range of programming languages such as Python, JavaScript, C, C#, and C++."
"The campaign uses a number of techniques to make itself appear legitimate, such as adding multiple tags to their repositories, displaying they have tens of thousands of commits, and 'well-designed' README files..."
"According to the report, the group was able to divert almost $500,000 worth of Bitcoin to one of their addresses in November 2024 using this method."
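The clipboard-stealer behaviour mentioned in the summary (a running process silently replacing a copied Bitcoin address with the attacker's) leaves a recognisable trace on the endpoint: one valid address in the clipboard is overwritten by a different valid address a fraction of a second later, with no user action in between. The Python script below is an added example of that detection logic; it is not code from the Kaspersky report or from any GitVenom repository. The clipboard snapshots, the two addresses and the 2-second threshold are constructed for illustration, and legacy addresses are verified with a Base58Check checksum while bech32 addresses get only a syntactic check.

```python
import hashlib
import re
from typing import List, Tuple

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Syntactic shape of legacy (1.../3...) and bech32 (bc1...) mainnet addresses.
ADDR_RE = re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$")


def b58encode(raw: bytes) -> str:
    """Base58-encode bytes; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58check_encode(version: int, payload: bytes) -> str:
    """Version byte + payload + first 4 bytes of double-SHA256, Base58-encoded."""
    body = bytes([version]) + payload
    chk = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    return b58encode(body + chk)


def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose trailing 4-byte checksum matches."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(addr) - len(addr.lstrip("1"))  # leading '1's encode 0x00 bytes
    raw = b"\x00" * pad + raw
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def looks_like_btc_address(text: str) -> bool:
    """Shape check for all formats; checksum check for legacy Base58Check only."""
    text = text.strip()
    if not ADDR_RE.match(text):
        return False
    if text.startswith("bc1"):
        return True  # assumption: bech32 checksum is not verified in this example
    return b58check_valid(text)


def detect_clipboard_swaps(snapshots: List[Tuple[float, str]],
                           max_gap: float = 2.0) -> List[Tuple[str, str, float]]:
    """Flag a copied address replaced by a different address within max_gap seconds.

    snapshots: (timestamp_seconds, clipboard_text) in chronological order.
    Returns (original_address, replacement_address, seconds_between) per alert.
    """
    alerts = []
    for (t0, a), (t1, b) in zip(snapshots, snapshots[1:]):
        a, b = a.strip(), b.strip()
        if a == b:
            continue
        if t1 - t0 <= max_gap and looks_like_btc_address(a) and looks_like_btc_address(b):
            alerts.append((a, b, t1 - t0))
    return alerts


# Constructed addresses: version 0x00 (P2PKH) over a hypothetical 20-byte hash.
LEGIT = b58check_encode(0x00, hashlib.sha256(b"constructed-legit").digest()[:20])
ATTACKER = b58check_encode(0x00, hashlib.sha256(b"constructed-attacker").digest()[:20])

# Constructed clipboard history: the swap at t=5.3 is the clipper signature,
# the user copying a different address 30 s later at t=90 is normal behaviour.
SAMPLE_SNAPSHOTS = [
    (0.0, "meeting notes"),
    (5.0, LEGIT),
    (5.3, ATTACKER),
    (40.0, "hello"),
    (60.0, LEGIT),
    (90.0, ATTACKER),
]

if __name__ == "__main__":
    for orig, repl, dt in detect_clipboard_swaps(SAMPLE_SNAPSHOTS):
        print(f"ALERT: clipboard address {orig} replaced by {repl} after {dt:.2f}s")
```

In a real monitor the snapshot list would come from polling the OS clipboard; the detection rule is the same, and the short-gap threshold is what separates a clipper from a user who legitimately copies two addresses in a row.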