
GitHub’s Hidden Threat: Hackers Using Code Repositories to Steal Crypto

Thu, 27 Feb 2025, 05:46 am UTC

Image source: By edwinchuen, CC BY 2.0, via Wikimedia Commons

A new cybersecurity report warns that hackers are planting malicious code in GitHub projects to steal Bitcoin (BTC) and other cryptocurrencies. Security firm Kaspersky uncovered a campaign called "GitVenom," which has been active for at least two years, exploiting unsuspecting developers by hiding malware in seemingly legitimate repositories.

The attack begins with fake GitHub projects, often promising useful tools like Telegram bots for Bitcoin wallets or gaming utilities. These repositories come with AI-generated README files to appear credible, but the code contains hidden payloads. In Python projects, malware is buried under a string of 2,000 tabs, while JavaScript projects include rogue functions that trigger harmful scripts. Once activated, the malware downloads additional malicious tools from hacker-controlled GitHub repositories.

The impact is severe. A Node.js-based stealer extracts passwords, crypto wallet details, and browsing history, then sends them via Telegram. Remote access trojans like AsyncRAT and Quasar hijack devices, logging keystrokes and capturing screenshots. A “clipper” malware swaps copied wallet addresses with the hacker’s own, redirecting funds; one hacker wallet alone took in 5 BTC ($485,000) in November.

GitVenom’s victims are primarily in Russia, Brazil, and Turkey, but its reach is global. Hackers stay undetected by mimicking active development and tweaking their tactics to bypass antivirus detection.

To stay safe, developers should carefully review code before running it, verify a project’s authenticity, and be wary of polished READMEs or inconsistent commit histories. With these attacks expected to continue, vigilance is key to protecting crypto holdings from GitHub-based malware.
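As an added example (not from Kaspersky's report or the original article), this Python scanner supports the code review step by flagging source lines where a long run of tabs or spaces is followed by more code, the hiding trick described above for Python projects. The 200-character threshold, the function names and the sample input are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

PAD_THRESHOLD = 200  # assumption: illustrative cut-off, tune for your code base
SOURCE_SUFFIXES = {".py", ".js"}
_WS_RUN = re.compile(r"[ \t]+")


def find_padded_lines(text, threshold=PAD_THRESHOLD):
    """Return (line_no, pad_len, visible_part, hidden_part) for suspicious lines."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in _WS_RUN.finditer(line):
            pad = m.end() - m.start()
            # Trailing whitespace alone is untidy, not hidden code: require text after it.
            if pad >= threshold and m.end() < len(line):
                hits.append((line_no, pad, line[:m.start()], line[m.end():m.end() + 80]))
                break
    return hits


def scan_tree(root, threshold=PAD_THRESHOLD):
    """Scan .py/.js files under root as text, without importing or executing them."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_padded_lines(text, threshold)
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample: line 3 pushes a call far off-screen, line 4 only has trailing spaces.
SAMPLE = (
    "import os\n"
    "def main():\n"
    "    print('hello')" + "\t" * 2000 + "load_extra()  # constructed stand-in\n"
    "    return 0" + " " * 300 + "\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, hits in scan_tree(sys.argv[1]).items():
            for line_no, pad, shown, hidden in hits:
                print(f"{name}:{line_no}: {pad} padding chars hide: {hidden!r}")
    else:
        print(find_padded_lines(SAMPLE))
```

Run it against a freshly cloned repository before installing dependencies or executing anything from it; a hit is a prompt for manual review, not proof of malice.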

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
