Kaspersky exposes hidden malware on GitHub stealing personal data


Kaspersky's Global Research & Analysis Team (GReAT) discovered hundreds of open-source repositories containing multi-stage malware that targets gamers and crypto investors, part of a new campaign that Kaspersky has dubbed GitVenom. The infected projects include an automation tool for interacting with Instagram accounts, a Telegram bot that enables the remote management of Bitcoin wallets and a crack tool to play the Valorant game. All of the advertised project functionality was fake; the cybercriminals behind the campaign stole personal and banking data and hijacked cryptowallet addresses from the clipboard. As a result of the malicious activity, the cybercriminals were able to steal 5 bitcoins (around $485,000 at the time of investigation). Kaspersky detected the use of the infected repositories worldwide, with most cases in Brazil, Türkiye, and Russia.

The malware's components include a stealer that collects passwords, bank account information, saved credentials, cryptocurrency wallet data and browsing history, packs it all into a .7z archive and uploads it to the attackers via Telegram.

Established in 2008, the Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware and underground cybercriminal trends across the world.
