Highlights:
- Kaspersky warns hackers are using fake GitHub projects to steal credentials, crypto, and system access.
- The GitVenom campaign uses AI-generated docs and manipulated commits to mislead users.
- Fake projects hide trojans, info-stealers, and clipboard hijackers that steal sensitive credentials.
Hackers have flooded the internet with hundreds of fake repositories, tricking users into downloading malware that steals their cryptocurrencies. In a February 24 report, Georgy Kucherin, an analyst at cybersecurity firm Kaspersky, warned users that the “GitVenom” campaign is growing.
GitVenom involves hackers creating fake GitHub repositories to spread malicious software. These repositories look legitimate but contain remote access trojans (RATs), info-stealers, and clipboard hijackers, which allow hackers to steal credentials, crypto, and system access.
GitHub is a widely used platform for developers, especially in crypto projects, where simple apps can earn millions in revenue.
Hackers Deploy Advanced Tactics to Steal Sensitive Data
Kucherin reported that hackers used AI-generated documentation and manipulated commit histories to make their fake projects appear legitimate. He explained that hackers added timestamp files that updated every few minutes to make the projects look actively developed.
After installation, the malware operates in the background, extracting login credentials, crypto wallet data, and browsing history. It then encrypts the stolen data and sends it to hackers via Telegram to avoid detection.
Clipboard hijackers monitor copied text, specifically targeting cryptocurrency wallet addresses. When a user copies an address for a transaction, the malware replaces it with an attacker-controlled address. As a result, victims unknowingly send their funds to hackers instead of the intended recipient, which ultimately leads to significant financial losses.
GitHub Malware Alert ⚠️
Our Global Research & Analysis Team (GReAT) uncovered GitVenom—a stealthy, multi-stage #malware campaign exploiting open-source code. Infected repositories targeted #gamers and #crypto investors, hijacking wallets and siphoning $485,000 in #Bitcoin.
Get… pic.twitter.com/YhZJbSHCBV
— Kaspersky (@kaspersky) February 26, 2025
The campaign’s effects have been substantial. Kucherin revealed that in November, a hacker-controlled wallet received 5 Bitcoin worth about $442,000 from one victim.
GitVenom Targets Crypto Users and Developers in Key Regions
According to the report, GitVenom has been active for over two years. It mainly affected users in Russia, Brazil, and Turkey. This shows attackers focus on regions with more developers or cryptocurrency users. Cybercriminals target these platforms because people trust them, making fake projects easy to hide.
Kucherin emphasized the importance of verifying what actions third-party code performs before downloading it. He warned that attackers may keep creating harmful projects with small changes in their tactics.
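One check a reviewer can run on a cloned repository before trusting its activity, based on the timestamp-file tactic described above. This is an added example, not code from the Kaspersky report: the `@@` log marker, the file name `activity.log`, the thresholds and the sample history are all assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

def parse_log(text):
    """Parse `git log --pretty=format:'@@ %ct' --name-only` into (timestamp, [paths])."""
    commits = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("@@ "):            # header line: committer time (Unix seconds)
            commits.append((int(line[3:]), []))
        elif line and commits:                # any other non-blank line is a changed path
            commits[-1][1].append(line)
    return commits

def padding_report(commits, min_commits=20, min_share=0.8, max_median_gap=3600):
    """Flag a history dominated by frequent commits that change one and the same file.
    The three thresholds are assumptions chosen for illustration."""
    solo = Counter(paths[0] for _, paths in commits if len(paths) == 1)
    if not solo:
        return {"file": None, "share": 0.0, "median_gap_s": None, "suspicious": False}
    path, count = solo.most_common(1)[0]
    stamps = sorted(ts for ts, paths in commits if paths == [path])
    gaps = [b - a for a, b in zip(stamps, stamps[1:])]
    med = median(gaps) if gaps else None
    share = count / len(commits)
    suspicious = (count >= min_commits and share >= min_share
                  and med is not None and med <= max_median_gap)
    return {"file": path, "share": share, "median_gap_s": med, "suspicious": suspicious}

def sample_log():
    """Constructed history: two real commits, then 60 commits five minutes apart
    that each touch only a hypothetical timestamp file, activity.log."""
    lines = ["@@ 1700000000", "README.md", "src/main.py", "", "@@ 1700000500", "src/main.py", ""]
    for i in range(60):
        lines += [f"@@ {1700001000 + 300 * i}", "activity.log", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    print(padding_report(parse_log(sample_log())))
```

A flagged history is a reason to read the code closely before running it; an unflagged one only rules out this single padding pattern.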
Crypto Losses Hit $1.49B in 2024
The crypto industry lost $1.49 billion to hacks and fraud last year. A report by Immunefi noted that hacks were the source of 98.1% of crypto losses, occurring 192 times at a cost of $1.47 billion.
These figures point to security weaknesses and show that crypto platforms are often vulnerable to attacks. They also show an urgent need for better cybersecurity standards in the crypto industry. Fraud, including rug pulls and scams, led to $28 million in crypto losses, or 1.9% of total losses, but fraud-related losses grew by 72% year over year.
🌟In 2024, hackers stole $2.2 billion from cryptocurrencies, a 21% increase from last year. Big hits include $305M from Japan's DMM Bitcoin and $235M from India’s WazirX. North Korea stole $1.3B to avoid sanctions. Most attacks targeted big platforms.#CryptoTips #TradeSmart… pic.twitter.com/Wo4ZhLOv0s
— Fiona K (@Fiona_Kzh) December 20, 2024