Hackers are creating fake GitHub projects filled with malware to steal crypto. In November, at least one unlucky victim lost 5 bitcoins (worth around $442,000) after downloading a malicious project. Read on to learn more.
Research from Kaspersky describes how fake projects are used to steal crypto through deceptive software downloads.
How Hackers Are Using Fake GitHub Projects to Steal Crypto
GitHub is a leading platform for developers who wish to share and synchronize their coding efforts. Unfortunately, hackers are taking advantage of its open nature. Kaspersky analyst Georgy Kucherin explains that hackers create fake repositories as part of a campaign called “GitVenom.” These projects pose as legitimate tools but steal crypto and personal data.
🚨 ALERT: Hackers are making fake GitHub projects to steal crypto, according to Kaspersky.
The hackers of the malware campaign called GitVenom have created hundreds of repositories on GitHub hosting fake projects that contain remote access trojans (RATs), info-stealers and… pic.twitter.com/NfZL6aWiKD
— Cointelegraph (@Cointelegraph) February 26, 2025
Some of the fake projects include:
- A Telegram bot that claims to manage Bitcoin wallets.
- A tool for automating Instagram account interactions.
Hackers use AI, fake updates, and inflated commits to make projects look legitimate. Once downloaded, the malware inside these projects activates. It steals data and scans for crypto wallet addresses, replacing them with hacker-controlled ones.
How the Malware Works
Once a victim downloads and installs the fake project, the malware copies sensitive data, including:
- Saved credentials (passwords and logins).
- Crypto wallet information.
- Browsing history.
GitHub users, be careful!
GitVenom campaign uses fake projects to spread malware, stealing crypto and data. Verify repos before use: check code, READMEs, and commits; or stick to known, trusted repos.
See more here: https://t.co/Dq19Wjb9Yo
— Cosmos Rescue (@cosmosrescue) February 26, 2025
The stolen data is sent to the hackers through Telegram. A clipboard hijacker runs in the background, looking for crypto wallet addresses. If a user tries to copy and paste their wallet address, the malware swaps it with the hacker’s address, redirecting funds to the attackers.
Who Is at Risk?
According to Kaspersky, the GitVenom campaign targets users worldwide. However, it focuses more on Russia, Brazil, and Turkey. The fact that hackers have been running this scheme for at least two years suggests it has effectively tricked victims.
GitHub Malware Alert ⚠️
Our Global Research & Analysis Team (GReAT) uncovered GitVenom—a stealthy, multi-stage #malware campaign exploiting open-source code. Infected repositories targeted #gamers and #crypto investors, hijacking wallets and siphoning $485,000 in #Bitcoin.
Get… pic.twitter.com/Ol7X7b1mwQ
— Kaspersky (@kaspersky) February 25, 2025
How to Stay Safe
Hackers focus on GitHub because it has many developers. They will continue creating harmful projects, making minor adjustments to their tactics over time. You can take several steps to protect yourself against these attacks:
- Check all unverified GitHub projects.
- Always confirm the source of third-party code before starting any download.
- Before downloading, check the code’s behavior to ensure it’s malware-free.
Every file downloaded from the internet should undergo a security scan before it is executed.
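One way to carry out the code check described above, as an added example that is not from Kaspersky or this article's author: a Python triage script that flags source files referencing the Telegram Bot API, clipboard APIs, or a checksum-valid Bitcoin address. The patterns and the file-suffix list are assumptions chosen for illustration, and only legacy Base58Check addresses are covered.

```python
import hashlib
import re
import sys
from pathlib import Path

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumed heuristics for this example, not indicators published by Kaspersky.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy BTC shape
CLIPBOARD = re.compile(r"pyperclip|[GS]etClipboardData|Clipboard\.SetText|clipboardy")
TELEGRAM = re.compile(r"api\.telegram\.org/bot", re.I)
SOURCE_SUFFIXES = {".py", ".js", ".ts", ".cs", ".c", ".cpp", ".h", ".json"}

def is_base58check(addr):
    """True if addr decodes to 21 payload bytes plus a valid 4-byte checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return len(raw) == 25 and check == raw[-4:]

def scan_file(path):
    """Return the set of indicator names found in one source file."""
    text = Path(path).read_text(errors="ignore")
    hits = set()
    if TELEGRAM.search(text):
        hits.add("telegram-bot-api")  # a hint only: real bots use this API too
    if CLIPBOARD.search(text):
        hits.add("clipboard-access")
    if any(is_base58check(a) for a in CANDIDATE.findall(text)):
        hits.add("hardcoded-btc-address")  # random strings fail the checksum
    return hits

def scan_repo(root):
    """Map each flagged file (path relative to root) to its indicators."""
    files = (p for p in Path(root).rglob("*")
             if p.is_file() and p.suffix.lower() in SOURCE_SUFFIXES)
    findings = {str(p.relative_to(root)): scan_file(p) for p in files}
    return {name: hits for name, hits in findings.items() if hits}

def matches_clipper_pattern(findings):
    """Clipboard access plus a checksum-valid hardcoded address in one repo."""
    seen = set().union(*findings.values())
    return {"clipboard-access", "hardcoded-btc-address"} <= seen

if __name__ == "__main__" and len(sys.argv) > 1:
    found = scan_repo(sys.argv[1])
    print(found, "| clipper pattern:", matches_clipper_pattern(found))
```

A hit is a prompt for manual review of the flagged files, and a clean result does not show that a project is safe.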
Conclusion
Hackers’ skill levels continue to advance, and they are using fake GitHub projects to steal crypto assets. Always stay alert and validate your download sources. Do not assume a project is safe because it looks secure. Your crypto assets face significant threats from theft, so a simple increase in caution will help defend them.
Disclaimer
The information discussed by Altcoin Buzz is not financial advice. This is for educational, entertainment, and informational purposes only. Any information or strategies are thoughts and opinions relevant to the accepted levels of risk tolerance of the writer/reviewers and their risk tolerance may be different than yours. We are not responsible for any losses that you may incur as a result of any investments directly or indirectly related to the information provided. Bitcoin and other cryptocurrencies are high-risk investments so please do your due diligence. Copyright Altcoin Buzz Pte Ltd.