GitVenom: Malicious Open Source Projects on GitHub Deliver Malware

2025-03-02

Researchers uncovered a malicious campaign, dubbed "GitVenom," in which threat actors created hundreds of fake open-source projects on GitHub to deliver malware. These projects, disguised as legitimate tools such as Instagram automation scripts, Telegram bots, and game cheats, featured polished README files and frequent commits to appear authentic. Malicious code was hidden within projects written in several languages (Python, JavaScript, C/C++, C#); once run, it downloaded and executed further malicious components from an attacker-controlled GitHub repository. These components included information stealers, remote access Trojans, and clipboard hijackers. The campaign has been active for years and has affected users worldwide, highlighting the risk of running third-party code without reviewing it first.


SparkCat: Crypto-Stealing Malware Lurking in App Stores

2025-02-05

ESET researchers uncovered a cross-platform malware family dubbed "SparkCat" hidden in apps on Google Play and the App Store, with over 242,000 downloads affected. The malware embeds a malicious SDK that uses OCR to find images of cryptocurrency wallet recovery phrases in users' photo galleries and sends them to a C2 server. The attackers used a custom C2 communication protocol written in Rust, which makes analysis harder. The malware's goal is to steal cryptocurrency, and it uses multiple techniques to evade security controls.
