Subj : Hundreds of GitHub repositories hijacked to trick users into down To : All From : TechnologyDaily Date : Wed Feb 26 2025 14:30:08 Hundreds of GitHub repositories hijacked to trick users into downloading malware Date: Wed, 26 Feb 2025 14:24:00 +0000 Description: Criminals have been deploying different malware via hundreds of GitHub projects. FULL STORY ======================================================================Kaspersk y research finds "hundreds" of malicious GitHub commits Commits pretend to be useful software but trick victims into downloading malware At least one person lost 5 BTC because of the campaign Cybersecurity researchers Kaspersky have iscovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware . Kaspersky said it observed hundreds of fake GitHub repositories, some posing as tools and automation mechanisms, others as hacks and cracks, that were actually delivering different sorts of malware to their victims. They dubbed the campaign GitVenom. Apparently, someone has been very thorough, carefully setting up commits, writing accompanying documentation and readme files, all in order to avoid being flagged as malware. However, beneath the fake documents lies malicious code built in Python, JavaScript, C, C++. and C#. Kaspersky saw Node.js stealer, AsyncRAT, Qasar backdoor, and a clipboard hijacker. The malware has been circulating across GitHub for at least two years, Kaspersky stressed, with targets and victims located all over the world, but some countries are targeted more than others: with Russia, Brazil, and Turkey hit especially hard. Losing bitcoin There is no telling how many victims fell for the ruse, but Kaspersky singled out one case in which someone lost 5 BTC to the scam, equivalent to just under half a million dollars. GitHub is one of the most popular code repositories in the world, used every day by millions of software developers. It is an important platform that helps speed up and simplify software development, while at the same time improves security by allowing countless security experts to scrutinize the code. However, the popularity also draws in the wrong crowd. GitHub is constantly being bombarded with malware, as hackers employ typosquatting, impersonation, and outright fraud, to try and trick people into downloading malware instead of legitimate code. GitHubs maintainers work hard to keep the platform clean, and were forced on multiple occasions to suspend new account creation and new commits submissions, due to an onslaught of malware. Via BleepingComputer You might also like GitHub is hiding malware disguised as games, legitimate software We've rounded up the best password managers Take a look at our guide to the best authenticator app ====================================================================== Link to news story: https://www.techradar.com/pro/security/hundreds-of-github-repositories-hijacke d-to-trick-users-into-downloading-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .