Cyber Security Company Kaspersky Reveals One of the Methods Used by Hackers for Theft! Users in Turkey are also at Risk! Here are the Details

Cybersecurity firm Kaspersky warned that cybercriminals are using fake GitHub repositories to distribute malicious software that steals Bitcoin (BTC) and other cryptocurrencies.

Kaspersky Warns that Hackers Use Fake GitHub Code to Steal Bitcoin

According to Kaspersky's latest report, a malicious software campaign named "GitVenom" has been active for at least two years and its presence on the popular code sharing platform GitHub is steadily increasing.

The attack begins with seemingly legitimate open source projects, such as Telegram bots or game tools to manage cryptocurrency wallets, that hide malicious code designed to steal crypto assets.

How Does GitVenom Work?

Malicious software has been cleverly hidden in GitHub repositories.

  • Each project appears legitimate and typically includes a README file generated by artificial intelligence to build trust.
  • However, the code contains hidden malicious scripts. In Python-based projects, attackers hide the code that decrypts and executes a malicious payload behind 2,000 tab characters in the script. In JavaScript-based projects, a fake function embedded in the main file launches the malware.
  • Once enabled, the malware downloads additional tools from hacker-controlled GitHub repositories.

How is Crypto Stolen?

Once installed, GitVenom uses multiple tools to steal sensitive user data:

  • Node.js-based password and crypto wallet stealers extract stored passwords, wallet details, and browsing history, then send them to the attackers via Telegram.
  • Remote access trojans like AsyncRAT and Quasar take control of the victim's device, recording keystrokes and capturing screenshots.
  • A clipboard hijacker replaces copied wallet addresses with the attacker's, redirecting cryptocurrency transactions. One such wallet alone received 5 BTC (485,000 dollars) in stolen funds in November.

Kaspersky noted that GitVenom is particularly active in Russia, Brazil, and Turkey, but its reach is global. Attackers mimic active development to evade antivirus detection and remain undetected by constantly changing their coding tactics.

How to Stay Safe?

Kaspersky advises developers and crypto users as follows:

  • Examine the code carefully before running it.
  • Verify the authenticity of any GitHub project.
  • Be wary of overly polished READMEs or inconsistent commit histories.
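
One way to automate part of the "examine the code" advice for the Python trick described above, added here as an example (it is not Kaspersky's code and not part of the original report): it flags source lines where text follows a long run of tabs or spaces. The 200-character threshold, the file suffixes, the function names, and the sample snippet are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

MIN_RUN = 200                      # assumed threshold: no sane formatting needs this
SOURCE_SUFFIXES = {".py", ".js"}   # assumed set of file types worth checking


def find_hidden_code(text, min_run=MIN_RUN):
    """Return (line_no, run_length, trailing_text) for every line in which
    non-whitespace text follows a run of at least min_run tabs/spaces."""
    pattern = re.compile(r"[ \t]{%d,}" % min_run)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in pattern.finditer(line):
            tail = line[match.end():].strip()
            if tail:  # trailing whitespace alone is untidy, not hidden code
                run = match.end() - match.start()
                findings.append((line_no, run, tail[:80]))
    return findings


def scan_repo(root):
    """Scan every source file under root; return {path: findings}."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_hidden_code(text)
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample: an innocuous line, 2,000 tabs, then an inert placeholder
# call that an editor without line wrapping would never show.
SAMPLE = (
    "def start_bot(token):\n"
    "    log('bot started');" + "\t" * 2000 + "run_hidden_payload()\n"
    "    return True\n"
)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    report = scan_repo(target) if target else {"<sample>": find_hidden_code(SAMPLE)}
    for name, hits in report.items():
        for line_no, run, tail in hits:
            print(f"{name}:{line_no}: {run} whitespace chars before {tail!r}")
```

A clean result does not clear a repository: this catches only whitespace padding, not the fake-function approach used in the JavaScript projects.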

With cyberattacks on the rise, GitVenom is unlikely to go away. "We expect these attacks to continue in the future, possibly with slight changes in tactics," Kaspersky concluded.
