- Kaspersky research finds "hundreds" of malicious GitHub repositories
- They pretend to be useful software, but encourage victims to download malware
- At least one person lost 5 BTC because of the campaign
Kaspersky cybersecurity researchers have identified a long-standing and widespread criminal campaign targeting software developers with infostealer malware.
Kaspersky said it had observed hundreds of fake GitHub repositories, some posing as tools and automation instruments, others as hacks and cracks, which actually delivered different types of malware to their victims. It nicknamed the campaign "GitVenom". Apparently, someone went to great lengths, carefully configuring commits, writing the accompanying documentation and padding files, all in order to avoid being flagged as malware.
However, beneath the fake documentation is malicious code written in Python, JavaScript, C, C++, C#, etc. Kaspersky saw a Node.js stealer, AsyncRAT, the Quasar backdoor and a clipboard hijacker. The malware has been circulating through GitHub for at least two years, Kaspersky said, with targets and victims located worldwide, but some countries are more targeted than others: Russia, Brazil and Turkey have been hit particularly hard.
Lost bitcoin
We do not know how many victims fell for the ruse, but Kaspersky singled out one case in which someone lost 5 BTC to the scam, equivalent to a little less than half a million dollars.
GitHub is one of the most popular code repositories in the world, used every day by millions of software developers. It is an important platform that helps accelerate and simplify software development, while improving its security by allowing countless security experts to scrutinize the code.
However, popularity also attracts a bad crowd. GitHub is constantly bombarded with malware, as hackers use typosquatting, impersonation and outright fraud to try to trick people into downloading malware instead of legitimate code.
GitHub's maintainers work hard to keep the platform clean and have been forced several times to suspend the creation of new accounts and new commit submissions, due to a malware onslaught.
Via BleepingComputer