The GitHub code you use to build a trendy app or to patch bugs in an existing one could just as easily be used to steal your Bitcoin (BTC) or other crypto holdings, according to a Kaspersky report.
GitHub is a popular tool among developers of all kinds, and especially among crypto-focused projects, where a simple application can generate millions of dollars in revenue.
The report warns users of a “GitVenom” campaign that has been active for at least two years and is steadily growing, in which malicious code is planted in fake projects on the popular code-hosting platform.
The attack begins with seemingly legitimate GitHub projects, such as Telegram bots for managing Bitcoin wallets or tools for video games.
Each comes with a polished README file, often AI-generated, to build trust. But the code itself is a Trojan horse: in Python-based projects, the attackers hide a malicious script behind a bizarre string of 2,000 tabs; that script decrypts and executes a malicious payload.
For JavaScript, a rogue function is embedded in the main file and triggers the attack when the program is launched. Once activated, the malware pulls additional tools from a separate GitHub repository controlled by the attackers.
(A tab is whitespace used to lay out code and align lines for readability. The payload is the core part of a program that does the real work, or the real harm, in the case of malware.)
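As an added example (not code from the Kaspersky report), here is a small heuristic scanner that a maintainer or reviewer could run over a Python project to flag the tab-padding trick described above: a line that hides code to the right of a very long run of tabs, plus any line that both decodes and executes data in one go. The tab threshold and the regex patterns are my own assumptions.

```python
"""Heuristic scanner for the "long tab run" hiding trick: normal-looking code,
a huge horizontal gap of tabs, then a decode-and-execute stub that an editor
would never show on screen. Added example, not Kaspersky's own tooling."""
import re
from pathlib import Path

# Assumption: the report cites roughly 2,000 tabs; anything far beyond what a
# formatter would emit is worth a look. Tune for your code base.
TAB_RUN_THRESHOLD = 200
# Decode-then-run pairing that a hidden loader typically needs on one line.
DECODE_RE = re.compile(r"\b(b64decode|unhexlify|decompress|fromhex)\b")
EXEC_RE = re.compile(r"\b(exec|eval)\s*\(|__import__\s*\(")


def scan_source(text: str, tab_threshold: int = TAB_RUN_THRESHOLD) -> list[dict]:
    """Return one finding per suspicious line of a Python source string."""
    tab_run = re.compile(r"\t{%d,}" % tab_threshold)
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.rstrip("\r")
        # Code hidden to the right of a long tab run (the trick itself).
        for m in tab_run.finditer(stripped):
            hidden = stripped[m.end():].strip()
            if hidden:
                findings.append({"line": lineno, "reason": "long_tab_run",
                                 "tabs": m.end() - m.start(),
                                 "hidden": hidden[:60]})
                break
        # Decode + execute on the same line, regardless of padding.
        if DECODE_RE.search(stripped) and EXEC_RE.search(stripped):
            findings.append({"line": lineno, "reason": "decode_and_exec",
                             "tabs": 0, "hidden": stripped.strip()[:60]})
    return findings


def scan_file(path: str) -> list[dict]:
    """Scan one file on disk; undecodable bytes are replaced, not fatal."""
    return scan_source(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        for f in scan_file(p):
            print(f"{p}:{f['line']}: {f['reason']} (tabs={f['tabs']}) {f['hidden']}")
```

Run it over every `.py` file in a cloned project before executing anything; a hit is a reason to open the line in a hex-aware editor rather than trust the README.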
Once the system is infected, several other programs come into play to carry out the theft. A Node.js stealer harvests passwords, crypto wallet details and browsing history, then bundles them and sends them out via Telegram. Remote access Trojans such as AsyncRAT and Quasar take control of the victim’s device, log keystrokes and capture screenshots.
A “clipper” also swaps copied wallet addresses for the attackers’ own, redirecting funds to them. One of those wallets received 5 BTC, worth $485,000 at the time, in November alone.
Active for at least two years, GitVenom has hit users in Russia, Brazil and Turkey hardest, although its reach is global, according to Kaspersky.
The attackers keep it under the radar by mimicking active development and varying their coding tactics to evade antivirus software.
How can users protect themselves? By examining any code before running it, verifying the project’s authenticity and being wary of overly polished or inconsistent commit histories.
And the researchers do not expect these attacks to stop any time soon: “We expect these attempts to continue in the future, perhaps with small changes in TTP,” Kaspersky concluded in its post.