- Kaspersky research finds “hundreds” of malicious GitHub commits
- Commits pretend to be useful software but trick victims into downloading malware
- At least one person lost 5 BTC because of the campaign
Cybersecurity researchers at Kaspersky have discovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware.
Kaspersky said it observed hundreds of fake GitHub repositories, some posing as tools and automation mechanisms, others as hacks and cracks, that were actually delivering different sorts of malware to their victims. They dubbed the campaign ‘GitVenom’. Apparently, someone has been very thorough, carefully setting up commits, writing accompanying documentation and readme files, all in order to avoid being flagged as malware.
However, beneath the fake documents lies malicious code built in Python, JavaScript, C, C++, and C#. Kaspersky saw a Node.js stealer, AsyncRAT, the Quasar backdoor, and a clipboard hijacker. The malware has been circulating across GitHub for at least two years, Kaspersky stressed, with targets and victims located all over the world, but some countries are hit harder than others, with Russia, Brazil, and Turkey especially affected.
Losing bitcoin
There is no telling how many victims fell for the ruse, but Kaspersky singled out one case in which someone lost 5 BTC to the scam, equivalent to just under half a million dollars.
GitHub is one of the most popular code repositories in the world, used every day by millions of software developers. It is an important platform that helps speed up and simplify software development, while at the same time improving security by allowing countless security experts to scrutinize the code.
However, the popularity also draws in the wrong crowd. GitHub is constantly being bombarded with malware, as hackers employ typosquatting, impersonation, and outright fraud to try to trick people into downloading malware instead of legitimate code.
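One defensive check a developer can run before pulling in a dependency or cloning a project, as an added example that is not from Kaspersky's report or this article: a small Python typosquat detector that compares each candidate name against an allow-list of names the developer actually intends to use and flags anything within a short edit distance of a known-good name. The allow-list, the sample requirements lines and the distance threshold below are constructed assumptions, not values from the campaign.

```python
"""Typosquat detector for repository / package names (added example, constructed data)."""
import re

# Constructed allow-list: the names this project legitimately depends on.
KNOWN_GOOD = ["requests", "numpy", "pandas", "express", "lodash", "openssl"]

# Constructed sample of a requirements-style file containing two look-alike names.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
reqeusts
numpy>=1.26
# dev tooling
lodahs
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Fold case and drop separators so 'Lo-Dash' and 'lodash' compare equal."""
    return re.sub(r"[-_.]", "", name.lower())


def looks_like_typosquat(candidate: str, known=KNOWN_GOOD, max_distance: int = 2):
    """Return the known-good name the candidate imitates, or None if it is exact or unrelated."""
    c = normalize(candidate)
    best = None
    for good in known:
        g = normalize(good)
        if c == g:
            return None  # exactly the legitimate name, nothing to flag
        d = edit_distance(c, g)
        if d <= max_distance and (best is None or d < best[1]):
            best = (good, d)
    return best[0] if best else None


def scan_dependency_list(lines):
    """Parse requirement lines (name plus optional version spec) and return (name, imitated) pairs."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split the package name off any version or extras specifier.
        name = re.split(r"[=<>~!\[; ]", line, maxsplit=1)[0]
        imitated = looks_like_typosquat(name)
        if imitated:
            findings.append((name, imitated))
    return findings


if __name__ == "__main__":
    for name, target in scan_dependency_list(SAMPLE_REQUIREMENTS.splitlines()):
        print(f"WARNING: '{name}' is within edit distance 2 of '{target}'")
```

The threshold is deliberately small: distance 2 catches transpositions and single-character swaps without flagging every unrelated short name, and an exact match to an allow-listed name is never reported. Treat a hit as a prompt to verify the publisher and repository history before installing, not as proof of malice.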
GitHub’s maintainers work hard to keep the platform clean, and have been forced on multiple occasions to suspend new account creation and new commit submissions due to an onslaught of malware.
Via BleepingComputer