Kaspersky researchers have uncovered a sophisticated campaign where cybercriminals use fake GitHub repositories to distribute malware, posing a significant threat to software developers. According to Kaspersky’s Securelist, these attackers are uploading deceptive projects designed to trick unsuspecting users into downloading malicious code.
The campaign, dubbed “GitVenom,” involves more than 200 repositories filled with counterfeit projects such as Telegram bots, Bitcoin wallet managers, Instagram automation tools, and even software claiming to help hack the game Valorant. These repositories appear highly authentic, featuring well-crafted README files, detailed documentation in multiple languages, and a high number of commits to create the illusion of credibility.
GitHub Malware Alert ⚠️ Our Global Research & Analysis Team (GReAT) uncovered GitVenom—a stealthy, multi-stage #malware campaign exploiting open-source code. Infected repositories targeted #gamers and #crypto investors, hijacking wallets and siphoning $485,000 in #Bitcoin. Get…
— Kaspersky (@kaspersky) February 26, 2025
One notable case involved a fraudulent project masquerading as a Telegram bot for managing Bitcoin wallets. Hidden in the code was malware that stole the developer's browsing history and cryptocurrency wallet data. Another component was a clipboard hijacker: it monitored the clipboard for cryptocurrency wallet addresses and silently replaced them with addresses controlled by the attackers, so that a victim pasting a destination address would send funds to the attackers instead.
As of November 2024, one such fraudulent wallet had received approximately 5 BTC, worth around $443,000 at that time. The attackers further reinforced the legitimacy of their repositories by automating updates, generating tens of thousands of commits without manually editing each project. Combined with detailed instructions and multiple tags, this made the repositories appear trustworthy and actively maintained.

Kaspersky's researchers stated: “The campaign started a long time ago: the oldest fake repository we found is about two years old. In the meantime, GitVenom has affected developers in Russia, Brazil, Turkey, and other countries. The attackers covered a wide range of programming languages: malicious code was found in Python, JavaScript, C, C#, and C++ repositories.”
Developers are advised to exercise caution when downloading open-source code from GitHub and to verify the authenticity of a repository before using it. Security experts recommend checking the history of contributors, looking for unusual commit patterns (such as the tens of thousands of automated, near-identical commits seen in this campaign), and using security tools to analyze the code for potential threats before any of it is run.
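The two checks above, automated history padding and a clipboard-hijacker signature, can be turned into a quick triage script. The following is an added example written for this article; it is not Kaspersky's tooling or code from the GitVenom repositories. It assumes the commit history is supplied as the output of `git log --format='%H|%an|%at|%s' --name-only`, and the thresholds, the sample log and the sample source fragment are all constructed for illustration (the bech32 address is the BIP173 documentation example, not an attacker wallet).

```python
"""Triage heuristics for a cloned GitHub repository, before any of its code is run.

Added example; not Kaspersky's tooling or code from the GitVenom repositories.
  1. commit_pattern_flags(): signs of an automatically padded history (one
     repeated subject, machine-regular cadence, one-file commits, one author).
  2. scan_source(): a hard-coded cryptocurrency address next to clipboard API
     use, the shape of a clipboard hijacker.
Assumed input for (1): `git log --format='%H|%an|%at|%s' --name-only`.
All sample data is constructed; hashes are fake and the bc1 address is the
BIP173 documentation example, not an attacker wallet.
"""
import re
from collections import Counter
from statistics import median


def parse_log(text):
    """Parse `git log --format='%H|%an|%at|%s' --name-only` output.

    A line with four '|'-separated fields whose first field is a hex hash
    starts a commit; every other non-blank line is a path touched by it.
    """
    commits = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        parts = line.split("|", 3)
        if len(parts) == 4 and re.fullmatch(r"[0-9a-f]{7,40}", parts[0]):
            commits.append({"hash": parts[0], "author": parts[1],
                            "ts": int(parts[2]), "subject": parts[3], "files": []})
        elif commits:
            commits[-1]["files"].append(line)
    return commits


def commit_pattern_flags(commits, min_commits=20):
    """Return {flag_name: reason} for histories that look machine-generated.

    Thresholds (80% repeated subject, <10% jitter around the median gap,
    80% single-file commits) are assumptions chosen for this example.
    """
    flags = {}
    n = len(commits)
    if n < min_commits:          # too little history to judge
        return flags
    subject, count = Counter(c["subject"] for c in commits).most_common(1)[0]
    if count / n >= 0.8:
        flags["repeated_subject"] = f"{count}/{n} commits titled {subject!r}"
    ts = sorted(c["ts"] for c in commits)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    med = median(gaps)
    # median absolute deviation: robust to a few genuine, irregular commits
    mad = median(abs(g - med) for g in gaps)
    if med > 0 and mad / med < 0.1:
        flags["regular_cadence"] = f"commits every ~{med:.0f}s with almost no jitter"
    small = sum(1 for c in commits if len(c["files"]) <= 1)
    if small / n >= 0.8:
        flags["single_file_commits"] = f"{small}/{n} commits touch at most one file"
    authors = {c["author"] for c in commits}
    if len(authors) == 1:
        flags["single_author"] = authors.pop()
    return flags


# bech32 (bc1...) or legacy (1.../3...) Bitcoin address; a heuristic, not a validator
BTC_ADDRESS = re.compile(r"\b(?:bc1[a-z0-9]{39,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
CLIPBOARD_API = re.compile(r"pyperclip|clipboard|ClipboardData", re.IGNORECASE)


def scan_source(text):
    """Flag source that pairs a hard-coded BTC address with clipboard access."""
    addresses = BTC_ADDRESS.findall(text)
    clipboard = CLIPBOARD_API.search(text) is not None
    return {"addresses": addresses, "clipboard_access": clipboard,
            "suspicious": clipboard and bool(addresses)}


def build_sample_log():
    """Constructed log: 30 hourly 'Update' commits touching README.md, then one real commit."""
    lines = []
    for i in range(30):
        lines += [f"{i:040x}|botuser|{1700000000 + 3600 * i}|Update", "", "README.md", ""]
    lines += ["f" * 40 + "|botuser|1700200000|Add bot", "", "bot.py", "requirements.txt", ""]
    return "\n".join(lines)


# Constructed indicator fragment only; not a working hijacker.
SAMPLE_SOURCE = '''\
import pyperclip
PAYOUT = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"
current = pyperclip.paste()
'''

if __name__ == "__main__":
    history = parse_log(build_sample_log())
    for name, reason in commit_pattern_flags(history).items():
        print(f"[history] {name}: {reason}")
    print("[source]", scan_source(SAMPLE_SOURCE))
```

Run against a real clone with `git log --format='%H|%an|%at|%s' --name-only > log.txt` and feed the file to `parse_log`; the median-based cadence test is deliberately robust, so a handful of genuine commits mixed into thousands of scripted ones still trips it. Either check alone is weak evidence (many honest projects have one author, and base58 strings are not all wallets), which is why the script reports reasons rather than a verdict.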
As cybercriminals continue to refine their tactics, staying vigilant is crucial to avoiding such deceptive attacks in the open-source community.