Hundreds of GitHub repositories hijacked to trick users into downloading malware


  • Kaspersky research finds "hundreds" of malicious GitHub commits
  • Commits pretend to be useful software but trick victims into downloading malware
  • At least one person lost 5 BTC because of the campaign

Cybersecurity researchers at Kaspersky have discovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware.

Kaspersky said it observed hundreds of fake GitHub repositories, some posing as tools and automation utilities, others as hacks and cracks, that were actually delivering different sorts of malware to their victims. They dubbed the campaign ‘GitVenom’. Apparently, someone has been very thorough, carefully setting up commits and writing accompanying documentation and readme files, all in order to avoid being flagged as malware.

However, beneath the fake documents lies malicious code written in Python, JavaScript, C, C++, and C#. Kaspersky saw a Node.js stealer, AsyncRAT, the Quasar backdoor, and a clipboard hijacker. The malware has been circulating across GitHub for at least two years, Kaspersky stressed, with targets and victims located all over the world, though some countries are targeted more than others, with Russia, Brazil, and Turkey hit especially hard.

Losing bitcoin

There is no telling how many victims fell for the ruse, but Kaspersky singled out one case in which someone lost 5 BTC to the scam, equivalent to just under half a million dollars.

GitHub is one of the most popular code repositories in the world, used every day by millions of software developers. It is an important platform that helps speed up and simplify software development, while at the same time improving security by allowing countless security experts to scrutinize the code.

However, the popularity also draws in the wrong crowd. GitHub is constantly being bombarded with malware, as hackers employ typosquatting, impersonation, and outright fraud to try to trick people into downloading malware instead of legitimate code.

GitHub’s maintainers work hard to keep the platform clean, and have been forced on multiple occasions to suspend new account creation and new commit submissions due to an onslaught of malware.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.