Cybercriminals Employ Deceptive GitHub Code for Bitcoin Theft: Kaspersky

Date: 2025-02-26 07:00:02

Code you pull from GitHub to build a modern application or fix existing issues could be used to steal your bitcoin (BTC) or other crypto assets, according to a report by Kaspersky.

GitHub is a widely used tool among developers, particularly those involved in crypto-oriented projects. A straightforward application in this domain can generate millions of dollars in revenue.

The report warns users about a "GitVenom" campaign that has been active for at least two years and is growing. The campaign plants malicious code in fake projects on the popular code repository platform.

The attack starts with seemingly legitimate GitHub projects, such as Telegram bots for managing bitcoin wallets or tools for video games.

Each project comes with a well-crafted README file, often generated by AI, to establish credibility. However, the code itself is a Trojan horse: in Python-based projects, attackers hide malicious code after an unusual run of 2,000 tabs, and that code decrypts and executes a malicious payload.

For JavaScript, a malicious function is embedded in the main file and triggers the attack. Once activated, the malware retrieves additional tools from a separate GitHub repository controlled by the hackers.

(A tab organizes code, making it readable by aligning lines. The payload is the central part of a program that performs the actual task — or harm, in the case of malware.)

Once a system is infected, several other programs are activated to carry out the attack. A Node.js stealer extracts passwords, crypto wallet details, and browsing history, then packages and transmits them via Telegram. Remote access trojans like AsyncRAT and Quasar take control of the victim's device, logging keystrokes and capturing screenshots.

"Clippers" also swap copied wallet addresses with those of the hackers, redirecting funds. One such wallet amassed 5 BTC — worth $485,000 at the time — in November alone.

Active for at least two years, GitVenom has impacted users most severely in Russia, Brazil, and Turkey, although its influence is global, according to Kaspersky.

The attackers maintain a low profile by imitating active development and varying their coding strategies to evade antivirus software.

How can users safeguard themselves? By meticulously examining any code before running it, verifying the project's authenticity, and being wary of overly polished READMEs or inconsistent commit histories.
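
One way to automate part of that review, as an added example that is not from Kaspersky's report or the original article: a Python check that flags lines where code follows a very long run of tabs or spaces, the hiding trick described above for Python projects. The 200-character threshold, the function names and the sample are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: no legitimate source line contains 200+ consecutive spaces/tabs
# followed by more code. The report describes a run of about 2,000 tabs.
MIN_RUN = 200
WS_RUN = re.compile(r"[ \t]+")


def find_hidden_code(text, min_run=MIN_RUN):
    """Return (line_no, column, snippet) for code placed after a long whitespace run."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in WS_RUN.finditer(line):
            trailing = line[m.end():]
            # A long run followed by real content means code scrolled off-screen.
            if m.end() - m.start() >= min_run and trailing.strip():
                findings.append((line_no, m.end() + 1, trailing[:60]))
    return findings


def scan_tree(root, min_run=MIN_RUN):
    """Scan every .py file under root; return {path: findings} for flagged files."""
    flagged = {}
    for path in sorted(Path(root).rglob("*.py")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = find_hidden_code(text, min_run)
        if hits:
            flagged[str(path)] = hits
    return flagged


# Constructed sample: a harmless statement stands in for the hidden code.
SAMPLE = (
    "def start_bot(token):\n"
    "    print('starting')" + "\t" * 2000 + "print('hidden statement')\n"
    "    return token\n"
)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    report = scan_tree(target) if target else {"<sample>": find_hidden_code(SAMPLE)}
    for name, hits in report.items():
        for line_no, col, snippet in hits:
            print(f"{name}:{line_no}:{col}: code after long whitespace run: {snippet!r}")
```

Run it against a freshly cloned repository before opening or executing anything in it; a hit is a reason to read that line in full with word wrap enabled, not proof of malice on its own.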

Researchers do not expect these attacks to stop anytime soon: "We expect these attempts to continue in the future, possibly with small changes in the TTPs," Kaspersky concluded in its post.
