CyberSecurity news
FlagThis
Pierluigi Paganini@Security Affairs
//
The GitVenom campaign, a sophisticated cyber threat, has been uncovered, exploiting GitHub repositories to spread malicious code and steal cryptocurrency. This campaign involves creating hundreds of repositories that appear legitimate but contain malicious code designed to infect users’ systems. The attackers craft these fake projects in multiple programming languages, including Python, JavaScript, C, C++, and C#, to lure unsuspecting developers. These projects often promise functionalities like automation tools but instead deploy malicious payloads that download additional components from attacker-controlled repositories.
The malicious components include a Node.js stealer that collects sensitive information like credentials and cryptocurrency wallet data, uploading it to the attackers. According to SecureListReport, a clipboard hijacker is also used to replace cryptocurrency wallet addresses, leading to significant financial theft. Kaspersky Labs discovered the GitVenom cybercrime campaign targeting GitHub users to steal cryptocurrency and credentials, with one attacker-controlled Bitcoin wallet receiving about 5 BTC (approximately $485,000) in November 2024.
ImgSrc: securityaffairs
References :
The malicious components include a Node.js stealer that collects sensitive information like credentials and cryptocurrency wallet data, uploading it to the attackers. According to SecureListReport, a clipboard hijacker is also used to replace cryptocurrency wallet addresses, leading to significant financial theft. Kaspersky Labs discovered the GitVenom cybercrime campaign targeting GitHub users to steal cryptocurrency and credentials, with one attacker-controlled Bitcoin wallet receiving about 5 BTC (approximately $485,000) in November 2024.
ImgSrc: securityaffairs
Share:
References :
- Cyber Security News: GitVenom Campaign Exploits Thousands of GitHub Repositories to Spread Infections
- gbhackers.com: The GitVenom campaign, a sophisticated cyber threat, has been exploiting GitHub repositories to spread malware and steal cryptocurrency.
- Talkback Resources: Kaspersky Labs discovered the GitVenom cybercrime campaign targeting GitHub users to steal cryptocurrency and credentials through fraudulent repositories, resulting in the attacker-controlled Bitcoin wallet receiving about 5 BTC (approximately $485,000) in November 2024.
- Talkback Resources: Open-source code has a significant impact on software development, but developers should be cautious of the GitVenom campaign involving threat actors creating fake projects on GitHub to distribute malicious code and steal sensitive information.
- The Hacker News: GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
- securityaffairs.com: GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects
- The Register - Security: Reports that more than 200 GitHub repos are hosting fake projects laced with malicious software.
- BleepingComputer: A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials.
- Talkback Resources: Malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials.
- Help Net Security: Hundreds of GitHub repos served up malware for years
- bsky.app: Bluesky post about the malware campaign GitVenom.
- BleepingComputer: A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers.
- aboutdfir.com: GitVenom attacks abuse hundreds of GitHub repos to steal crypto
- bsky.app: A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials.