Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm Kaspersky has warned. The campaign, dubbed “GitVenom,” involves attackers creating seemingly legitimate projects filled with malicious code that infects users’ devices upon download.

The GitVenom campaign targets developers—and once downloaded, can be used to deceive victims into transferring crypto.

Cybersecurity firm Kaspersky has issued a warning about a widespread malware campaign targeting users on GitHub.

Kaspersky Global Research & Analysis Team (GReAT) discovered hundreds of open source repositories with multistaged malware targeting gamers.

The attack starts with seemingly legitimate GitHub projects — like making Telegram bots for managing bitcoin wallets or tools for computer games.

Kaspersky uncovers GitVenom, a malware campaign using fake GitHub repositories to steal crypto and user credentials.

Also downloaded via the bogus GitHub projects are remote administration tools like AsyncRAT and Quasar RAT that can be used to commandeer infected hosts and a clipper malware that can substitute wallet addressed copied into clipboard with an adversary-owned wallet so as to reroute the digital assets to the threat actors.

Kaspersky’s Global Research & Analysis Team has discovered an alarming campaign that uses GitHub to distribute malware. Seemingly innocuous repositories contain malicious elements that download more malware and steal information. The attack appears successful with some 5 Bitcoin being stolen using this attack method.