
Image by David Whelan, from Wikimedia Commons
Fake GitHub Repositories Spread Malware To Developers Worldwide
Over 200 fake projects on GitHub have been found to spread malicious software, including tools to steal passwords, monitor activity, and steal cryptocurrency.
In a Rush? Here are the Quick Facts!
- GitVenom campaign targets developers worldwide, including countries like Russia, Brazil, and Turkey.
- Malicious code includes stealers, backdoors, keyloggers, and clipper programs.
- Attackers used AI-generated documentation and frequent code updates to appear legitimate.
This scheme, named GitVenom, has been active for over two years, affecting developers worldwide, as reported in an analysis by Kaspersky.
GitHub is a popular platform where programmers can find and share code for projects. It’s a valuable resource because it saves time, offering pre-written solutions to common coding problems. However, this openness also leaves room for cybercriminals to take advantage of unsuspecting users.
The fake repositories look convincing at first glance. They contain useful-sounding projects, like Telegram bots, game hacks, or tools to manage Bitcoin wallets.
The attackers even created well-written instructions, using AI to make them available in multiple languages. Additionally, the repositories contain thousands of code updates, making them appear authentic and trustworthy.
In reality, the code inside these repositories does not do what it claims. Instead, it secretly installs harmful software on users’ computers. The payloads include a stealer that collects usernames, passwords, browser history, and cryptocurrency wallet information.
Another tool, AsyncRAT, lets hackers remotely control a computer and record keystrokes. Quasar, a similar backdoor, provides hackers with full control of a device.
One of the most dangerous components, a clipper, changes cryptocurrency wallet addresses in the clipboard to the hacker’s own, which can lead to stolen funds. In one case, the attacker received about $485,000 worth of Bitcoin, as reported by Kaspersky.
GitVenom has affected developers in several countries, including Russia, Brazil, and Turkey. It’s a reminder of the importance of being cautious when downloading code from GitHub or other open platforms.
To protect themselves, Kaspersky advises, developers should always analyze code before using it in their projects and make sure their devices are protected with antivirus software. It’s also important to check project details, looking for warning signs such as new accounts with few stars or a recent creation date.
Developers should also avoid downloading files from untrusted links, especially from chats or suspicious websites. Reporting any suspicious repositories to GitHub can also help prevent further attacks.
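The warning signs Kaspersky lists (recent creation date, few stars, new owner account) can be checked mechanically from repository metadata. The script below is an added example, not code from the article or from Kaspersky; it takes the JSON objects the GitHub REST API returns for a repository and its owner, and the thresholds and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed thresholds (not from the article): tune to your own risk appetite.
MAX_REPO_AGE_DAYS = 90
MAX_OWNER_AGE_DAYS = 180
MIN_STARS = 10


def _parse_ts(ts: str) -> datetime:
    # GitHub API timestamps look like "2024-11-03T12:34:56Z"
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess_repo(repo: dict, owner: dict, now: datetime) -> list[str]:
    """Return the warning signs found for one repository.

    `repo` is the JSON object from GET /repos/{owner}/{repo}, `owner` the one
    from GET /users/{owner}. Commit count is deliberately not a signal: the
    GitVenom repositories carried thousands of updates precisely to look real.
    """
    warnings = []
    repo_age = (now - _parse_ts(repo["created_at"])).days
    owner_age = (now - _parse_ts(owner["created_at"])).days
    if repo_age < MAX_REPO_AGE_DAYS:
        warnings.append(f"repository created only {repo_age} days ago")
    if owner_age < MAX_OWNER_AGE_DAYS:
        warnings.append(f"owner account created only {owner_age} days ago")
    if repo["stargazers_count"] < MIN_STARS:
        warnings.append(f"only {repo['stargazers_count']} stars")
    return warnings


# Constructed sample API responses (not real repositories), so this runs offline.
SAMPLE_NOW = datetime(2025, 2, 25, tzinfo=timezone.utc)
SUSPICIOUS_REPO = {"full_name": "example-user/telegram-bot",
                   "created_at": "2025-01-10T00:00:00Z", "stargazers_count": 3}
SUSPICIOUS_OWNER = {"login": "example-user", "created_at": "2024-12-01T00:00:00Z"}
ESTABLISHED_REPO = {"full_name": "example-org/mature-lib",
                    "created_at": "2015-06-01T00:00:00Z", "stargazers_count": 1200}
ESTABLISHED_OWNER = {"login": "example-org", "created_at": "2012-03-15T00:00:00Z"}

if __name__ == "__main__":
    for repo, owner in ((SUSPICIOUS_REPO, SUSPICIOUS_OWNER),
                        (ESTABLISHED_REPO, ESTABLISHED_OWNER)):
        found = assess_repo(repo, owner, SAMPLE_NOW)
        print(repo["full_name"], "->", "; ".join(found) or "no warning signs")
```

A clean result only means the metadata looks ordinary; the article's core advice, reading the code before running it, still applies.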