The GitVenom campaign: cryptocurrency theft using GitHub


Kaspersky researchers discovered the GitVenom campaign, which distributes stealers and open-source backdoors via fake GitHub projects.

Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code – for example, an automation tool for interacting with Instagram accounts, a Telegram bot for managing Bitcoin wallets, and a hacking tool for the video game Valorant. While analyzing repositories created over the course of the GitVenom campaign, we noted that the fake projects we found were written in multiple programming languages – specifically Python, JavaScript, C, C++ and C#. Notably, the attacker-controlled Bitcoin wallet (ID: bc1qtxlz2m6r[...] yspzt) received a lump sum of about 5 BTC (approximately 485,000 USD at the time of research) in November 2024.
