GitHub Repos Masquerading as Legitimate Projects Used in New Malware Campaign: GitVenom
2025-03-03
Kaspersky's Global Research & Analysis Team (GReAT) uncovered a new malware campaign, dubbed GitVenom, that uses hundreds of open-source repositories on GitHub. These repositories are disguised as legitimate projects (including tools for Instagram automation, Telegram Bitcoin wallet management, and a Valorant cheat) but secretly download and execute malware. The malware steals passwords, bank account information, cryptocurrency wallet data, and more. The attackers stole approximately 5 Bitcoin (around $485,000) and used AI-generated descriptions to make the projects look legitimate. Kaspersky advises developers to carefully vet third-party code before executing it.