{"id":15249,"date":"2025-02-27T05:32:45","date_gmt":"2025-02-27T05:32:45","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=15249"},"modified":"2025-02-27T05:32:45","modified_gmt":"2025-02-27T05:32:45","slug":"crypto-scam-alert-hackers-use-github-to-steal-funds-kaspersky","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=15249","title":{"rendered":"Crypto Scam Alert: Hackers Use GitHub To Steal Funds\u2014Kaspersky"},"content":{"rendered":"<div>\n<p>Cybercriminals have initiated a sophisticated attack that targets GitHub users. They are utilizing fake repositories to disseminate malware that steals personal data and cryptocurrency. <a href=\"https:\/\/www.kaspersky.com\/blog\/malicious-code-in-github\/53085\/\" rel=\"nofollow noopener\" target=\"_blank\">Kaspersky<\/a>, a security firm, has identified more than 200 repositories that deceive unsuspecting developers and merchants by posing as legitimate open-source projects.<\/p>\n<h2>Deceptive Repositories Inundate GitHub<\/h2>\n<p>The perpetrators of this scheme have designed their repositories to look credible, often depicting them as solutions for automating Instagram interactions or managing Bitcoin wallets. These bogus projects aim to convince consumers of their authenticity by employing professional descriptions, regular updates, and meticulously produced documentation.<\/p>\n<p>Victims who fall for the trap install <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/kaspersky-exposes-hidden-malware-on-github-stealing-personal-data-and-485000-in-bitcoin\" rel=\"nofollow noopener\" target=\"_blank\">malware<\/a> from these fraudulent repositories. 
Infected files contain remote access trojans (RATs), clipboard hijackers, and data-extracting software, allowing attackers to retrieve browser histories, cryptocurrency wallet details, and login credentials.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">GitHub Malware Alert <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/26a0.png\" alt=\"\u26a0\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"><\/p>\n<p>Our Global Research &amp; Analysis Team (GReAT) uncovered GitVenom\u2014a stealthy, multi-stage <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">#malware<\/a> campaign exploiting open-source code. Infected repositories targeted <a href=\"https:\/\/twitter.com\/hashtag\/gamers?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">#gamers<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/crypto?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">#crypto<\/a> investors, hijacking wallets and siphoning $485,000 in <a href=\"https:\/\/twitter.com\/hashtag\/Bitcoin?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">#Bitcoin<\/a>.<\/p>\n<p>Get\u2026 <a href=\"https:\/\/t.co\/YhZJbSHCBV\" rel=\"nofollow\" target=\"_blank\">pic.twitter.com\/YhZJbSHCBV<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/1894599400325857581?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">February 26, 2025<\/a><\/p>\n<\/blockquote>\n<h2 data-pm-slice=\"1 1 []\">Malware Sends Stolen Data Via Telegram<\/h2>\n<p>Once installed, the malware sends the captured data to the hackers through Telegram. Attackers use this secure messaging app to obtain sensitive information while remaining undetectable. 
In some cases, the malware alters clipboard information, which causes cryptocurrency transactions to be redirected to wallets controlled by the hackers.<\/p>\n<p>The magnitude of the operation is a cause for concern. According to Kaspersky, one user lost 5 Bitcoins, valued at approximately $442,000, as a result of the hack. Kaspersky has monitored numerous incidents from different countries: Russia, Brazil, and Turkey are the most severely affected.<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-full\" src=\"https:\/\/www.tradingview.com\/x\/dZNp6eGy\/\" width=\"2048\" height=\"959\"><\/p>\n<h2>The GitVenom<\/h2>\n<p>In a February 24 report, Kaspersky analyst Georgy Kucherin stated that <a href=\"https:\/\/securelist.com\/gitvenom-campaign\/115694\/\" rel=\"nofollow noopener\" target=\"_blank\">hackers<\/a> had created hundreds of repositories on GitHub hosting fictitious projects that contain remote access trojans (RATs), info-stealers, and clipboard hijackers as part of the malware operation, which the company named <a href=\"https:\/\/thehackernews.com\/2025\/02\/gitvenom-malware-steals-456k-in-bitcoin.html\" rel=\"nofollow noopener\" target=\"_blank\">\u201cGitVenom.\u201d<\/a><\/p>\n<p>Kucherin added that the malware creators made a huge effort to make the projects look legitimate by including well-designed instruction files that were possibly generated with artificial intelligence programs.<\/p>\n<h2>Extreme Caution A Must<\/h2>\n<p>Kaspersky urged users to \u201cbe extra cautious about downloading code from\u2002GitHub.\u201d To reduce the possibility of becoming a victim of such attacks, strict security measures are essential. 
This may involve scanning downloaded files for viruses, avoiding repositories with low activity or recent creation dates, and reviewing and verifying the history of repository owners.<\/p>\n<p>As new cyber threats arise, users need to stay alert in protecting their valuables. Modern social engineering and phishing techniques are sophisticated enough to outwit even the most experienced programmers. To reduce exposure to future threats, it is best to remain vigilant and maintain rigorous security protocols.<\/p>\n<p><em>Featured image from Gemini Imagen, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals have initiated a sophisticated attack that targets GitHub users. They are utilizing fake repositories to disseminate malware that steals personal data and cryptocurrency. Kaspersky, a security firm, has identified more than 200 repositories that deceive unsuspecting developers and merchants by posing as legitimate open-source projects. 
Deceptive Repositories Inundate GitHub The perpetrators of this scheme [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-15249","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/15249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15249"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/15249\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}