Kaspersky warns of malware-ridden GitHub projects

Kaspersky warns of malware-ridden GitHub projects: how hackers are stealing credentials
Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm Kaspersky has warned. The campaign, dubbed “GitVenom,” involves attackers creating seemingly legitimate projects filled with malicious code that infects users’ devices upon download.
Crypto-Stealing Malware Spread Through Fake GitHub Repositories, Kaspersky Warns
The GitVenom campaign targets developers—and once downloaded, can be used to deceive victims into transferring crypto.
Hackers Are Using Fake GitHub Code to Steal Your Bitcoin: Kaspersky
The attack starts with seemingly legitimate GitHub projects — like making Telegram bots for managing bitcoin wallets or tools for computer games.
Hackers are making fake GitHub projects to steal crypto: Kaspersky
Malicious actors are making hundreds of fake projects on GitHub aiming to snare private info through crypto and credential-stealing malware, says Kaspersky.
Malicious code in 200 GitHub repositories steals almost 500,000 euros
A malware campaign in GitHub repositories is targeting bank data and Bitcoin wallets. The malicious code is often only executed at build time.
Kaspersky Warns of Fake GitHub Projects Hosting Malware to Steal Crypto and Credentials
Cybersecurity firm Kaspersky has issued a warning about a widespread malware campaign targeting users on GitHub.
Cybercriminals Exploit Fake Github Projects To Steal Bitcoin
Cybercriminals are leveraging counterfeit GitHub repositories to distribute malware, resulting in the theft of approximately $485,000 in Bitcoin,
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
Also downloaded via the bogus GitHub projects are remote administration tools like AsyncRAT and Quasar RAT that can be used to commandeer infected hosts and a clipper malware that can substitute wallet addressed copied into clipboard with an adversary-owned wallet so as to reroute the digital assets to the threat actors.
Attackers steal 5 Bitcoin using malware stored on GitHub
Kaspersky’s Global Research & Analysis Team has discovered an alarming campaign that uses GitHub to distribute malware. Seemingly innocuous repositories contain malicious elements that download more malware and steal information. The attack appears successful with some 5 Bitcoin being stolen using this attack method.
Hackers Hide GitVenom Malware in Fake GitHub Repositories
Cybercriminals are using a sneaky new method to trick developers into downloading dangerous malware. A recent campaign called GitVenom is spreading harmful software through fake GitHub repositories. These attackers create fake open-source projects that look real but secretly contain hidden threats.
Hundreds of GitHub repositories hijacked to trick users into downloading malware
Kaspersky said it observed hundreds of fake GitHub repositories, some posing as tools and automation mechanisms, others as hacks and cracks, that were actually delivering different sorts of malware to ...
GitVenom attacks abuse hundreds of GitHub repos to steal crypto
A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote ...
The Hacker News2d
5 Active Malware Campaigns in Q1 2025
In early 2025, cybersecurity experts uncovered a sophisticated campaign involving Lumma Stealer, an information-stealing ...
North Korean hackers are posing as software development recruiters to target freelancers
North Korea is hiding malware in GitHub projectsThe projects are then sent to developers as a coding testBeaverTail malware ...
IT-Online3d
Kaspersky exposes hidden malware on GitHub
Kaspersky Global Research & Analysis Team (GReAT) has discovered hundreds of open source repositories with multi-staged malware targeting gamers and crypto-investors within a new campaign dubbed ...