Cybercriminals are using a sneaky new method to trick developers into downloading dangerous malware. A recent campaign called GitVenom is spreading harmful software through fake GitHub repositories. These attackers create fake open-source projects that look real but secretly contain hidden threats.

The attack starts with seemingly legitimate GitHub projects — like making Telegram bots for managing bitcoin wallets or tools for computer games.

The GitVenom campaign targets developers—and once downloaded, can be used to deceive victims into transferring crypto.

Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm Kaspersky has warned. The campaign, dubbed “GitVenom,” involves attackers creating seemingly legitimate projects filled with malicious code that infects users’ devices upon download.

Also downloaded via the bogus GitHub projects are remote administration tools like AsyncRAT and Quasar RAT that can be used to commandeer infected hosts and a clipper malware that can substitute wallet addressed copied into clipboard with an adversary-owned wallet so as to reroute the digital assets to the threat actors.

Kaspersky uncovers GitVenom, a malware campaign using fake GitHub repositories to steal crypto and user credentials.

A malware campaign in GitHub repositories is targeting bank data and Bitcoin wallets. The malicious code is often only executed at build time.

Cybersecurity firm Kaspersky has issued a warning about a widespread malware campaign targeting users on GitHub.

Kaspersky warns hackers use fake GitHub projects to steal crypto, login credentials, and system access from users

Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers.