Over 200 convincing GitHub repos serving up malware
Briefly

Kaspersky has uncovered a malicious campaign termed GitVenom involving over 200 fraudulent GitHub repositories that masquerade as legitimate projects to deceive users. These repositories contain software aimed at stealing sensitive information, including passwords and cryptocurrency wallet access. This operation has reportedly stolen nearly $500,000 from unsuspecting victims over two years. Concurrently, over 20 employees from the US Digital Service have resigned, citing security concerns regarding the DOGE initiative, which they believe undermines their mission to enhance governmental efficiency through technology.
Kaspersky reported over 200 deceptive GitHub repositories disguised as genuine projects, which have been exploiting developers by including malicious software over the past two years.
The malicious repositories falsely advertised various software, including Instagram aggregators and Telegram bots, while hiding components designed to steal passwords and hijack crypto wallets.
Staff at the US Digital Service expressed concerns over their new objectives under the DOGE initiative, highlighting actions that jeopardize data security and compromise government services.
A collective resignation letter from the USDS employees stated, 'We will not use our skills as technologists to compromise core government systems or sensitive data.'
Read at Theregister
[
|
]