Crypto-Stealing Malware Spread Through Fake GitHub Repositories, Kaspersky Warns

Hackers are targeting software developers by spreading malware through fake GitHub repositories, according to new research.

A lot of code on the internet is open source, meaning anyone can use it. But Kaspersky’s Securelist says there’s been an uptick in cybercriminals uploading fake projects in an attempt to deceive victims.

It warns the threat actors involved “went to great lengths to make the repositories appear legitimate to potential targets.”

In one case, a bogus project for a Telegram bot that manages Bitcoin wallets included malware that could allow attackers to obtain a developer’s browsing history or crypto wallet data.

Other components included a clipboard hijacker that scoured the victim’s computer for wallet addresses—replacing them with ones controlled by the attackers.

As of November 2024, one such wallet had received a lump sum of about 5 BTC, worth about $443,000 at the time of writing.

Sensitive information obtained from hackers—which also includes passwords and banking details—is compressed and sent on to the hackers via Telegram.

Kaspersky says vigilance is needed, especially considering code-sharing platforms like GitHub are used by millions of developers around the world.

Such repositories are often used to help save time and complete projects faster by enabling builders to use code that already exists.

“For that reason, it is crucial to handle processing of third-party code very carefully. Before attempting to run such code or integrate it into an existing project, it is paramount to thoroughly check what actions it performs,” it added.

It’s believed that GitVenom’s impact has spread globally—with most of the infections concentrated in Russia, Brazil, and Turkey.

Crypto malware targets devs

This isn’t the only form of malware known to target software developers.

Just last week, Microsoft Intelligence warned that a new variant of XCSSET was doing the rounds that could steal crypto on Apple macOS devices.

That tends to be disseminated through infected Xcode projects, which consist of the files used to create apps for this operating system.