{"id":15031,"date":"2025-02-26T06:31:40","date_gmt":"2025-02-26T06:31:40","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=15031"},"modified":"2025-02-26T06:31:40","modified_gmt":"2025-02-26T06:31:40","slug":"hackers-are-using-fake-github-code-to-steal-your-bitcoin-kaspersky","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=15031","title":{"rendered":"Hackers Are Using Fake GitHub Code to Steal Your Bitcoin: Kaspersky"},"content":{"rendered":"<div>\n<p>The GitHub code you use to build a trendy application or patch existing bugs might just be used to steal your bitcoin (BTC) or other crypto holdings, according to a Kaspersky report.<\/p>\n<p>GitHub is a popular tool among developers of all types, but even more so among crypto-focused projects, where a simple application may generate millions of dollars in revenue.<\/p>\n<p>The report warned users of a \u201cGitVenom\u201d campaign that\u2019s been active for at least two years but is steadily on the rise, involving planting malicious code in fake projects on the popular code repository platform.<\/p>\n<p>The attack starts with seemingly legitimate GitHub projects \u2014 like making Telegram bots for managing bitcoin wallets or tools for computer games.<\/p>\n<p>Each comes with a polished README file, often AI-generated, to build trust. But the code itself is a Trojan horse: For Python-based projects, attackers hide a nefarious script after a bizarre string of 2,000 tabs, which decrypts and executes a malicious payload.<\/p>\n<p>For JavaScript, a rogue function is embedded in the main file, triggering the launch attack. Once activated, the malware pulls additional tools from a separate hacker-controlled GitHub repository.<\/p>\n<p>(A tab organizes code, making it readable by aligning lines. The payload is the core part of a program that does the actual work \u2014 or harm, in malware\u2019s case.)<\/p>\n<p>Once the system is infected, various other programs kick in to execute the exploit. 
A Node.js stealer harvests passwords, crypto wallet details, and browsing history, then bundles and sends them via Telegram. Remote access trojans like AsyncRAT and Quasar take over the victim\u2019s device, logging keystrokes and capturing screenshots.<\/p>\n<p>A \u201cclipper\u201d also swaps copied wallet addresses with the hackers\u2019 own, redirecting funds. One such wallet netted 5 BTC \u2014 worth $485,000 at the time \u2014 in November alone.<\/p>\n<p>Active for at least two years, GitVenom has hit users hardest in Russia, Brazil, and Turkey, though its reach is global, per Kaspersky.<\/p>\n<p>The attackers keep it stealthy by mimicking active development and varying their coding tactics to evade antivirus software.<\/p>\n<p>How can users protect themselves? By scrutinizing any code before running it, verifying the project\u2019s authenticity, and being suspicious of overly polished READMEs or inconsistent commit histories.<\/p>\n<p>Because researchers don\u2019t expect these attacks to stop anytime soon: \u201cWe expect these attempts to continue in the future, possibly with small changes in the TTPs,\u201d Kaspersky concluded in its post.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The GitHub code you use to build a trendy application or patch existing bugs might just be used to steal your bitcoin (BTC) or other crypto holdings, according to a Kaspersky report. 
GitHub is a popular tool among developers of all types, but even more so among crypto-focused projects, where a simple application may generate millions [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-15031","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/15031","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15031"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/15031\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15031"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15031"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15031"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}