Particle.news

Hackers Exploit Fake GitHub Repositories to Steal Cryptocurrency

Kaspersky identifies a two-year campaign using malicious code to target developers and harvest sensitive data, including crypto wallet details.

  • Over 200 fake GitHub repositories have been discovered hosting malicious software designed to deceive developers.
  • The campaign, named 'GitVenom' by Kaspersky, has been active for at least two years and has stolen nearly $500,000 in cryptocurrency to date.
  • Malware embedded in these repositories includes clipboard hijackers, remote access trojans, and tools for stealing passwords and crypto wallet information.
  • Attackers use polished, AI-generated README files and fake commit histories to make the repositories appear legitimate and trustworthy.
  • Kaspersky warns developers to carefully scrutinize third-party code, as the campaign continues to target users globally, with significant impact in Russia, Brazil, and Turkey.