GitVenom Exploits GitHub to Steal Cryptocurrency

Cybercriminals have launched a sophisticated malware campaign named 'GitVenom' targeting GitHub users by creating over 200 fake repositories with malware designed to steal personal data and cryptocurrency. These repositories appear authentic, with professional descriptions and inflated commit histories, often featuring projects like Telegram bots and Instagram automation tools. Victims inadvertently install malware, such as remote access trojans and clipboard hijackers, that steal credentials and redirect cryptocurrency transactions, with stolen data exfiltrated via Telegram. Kaspersky reports the campaign has been active for at least two years, affecting users globally, with significant cases in Russia, Brazil, and Turkey. One victim reportedly lost 5 Bitcoins, highlighting the campaign's financial impact. The malware's creators use multiple programming languages to avoid detection, and some fake repositories have since been removed.