The GitHub code you use to build a trendy application or patch existing bugs may be used to steal your Bitcoin (BTC) or other crypto holdings, according to a Kaspersky report.
GitHub is a popular tool among developers of all types, but even more so among crypto-focused projects, where a simple application can generate millions of dollars in revenue.
The report warned users of a “GitVenom” campaign that has been active for at least two years and is steadily growing. It involves planting malicious code in fake projects on the popular code-hosting platform.
The attack starts with seemingly legitimate GitHub projects, such as Telegram bots for managing Bitcoin wallets or tools for computer games.
Each comes with a polished README file, often AI-generated, to build trust. But the code itself is a Trojan horse: in Python-based projects, the attackers hide a malicious script behind a bizarre string of 2,000 tabs; when the file runs, that script decrypts and executes a malicious payload.
For JavaScript, a junk function embedded in the main file triggers the attack on launch. Once running, the malware pulls additional tools from a separate attacker-controlled GitHub repository.
(Tabs organize code, making it readable by indenting lines. The payload is the part of a program that does the actual work, or the damage, in malware’s case.)
Once the system is infected, various other programs kick in to carry out the exploitation. A Node.js stealer harvests passwords, crypto wallet details and browsing history, then bundles and sends them via Telegram. Remote-access Trojans such as AsyncRAT and Quasar take over the victim’s device, logging keystrokes and capturing screenshots.
A “clipper” also swaps copied wallet addresses for the attacker’s own, redirecting funds. One such wallet received 5 BTC (worth $485,000 at the time) in November alone.
GitVenom has been active for at least two years and has hit users hardest in Russia, Brazil and Turkey, although its reach is global, per Kaspersky.
The attackers keep it stealthy by mimicking active development and varying their coding tactics to avoid antivirus software.
How can users protect themselves? By examining any code before running it, verifying the project’s authenticity, and being suspicious of overly polished READMEs or inconsistent commit histories.
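One concrete way to “examine the code before running it” for the whitespace-padding trick described above is a small heuristic scanner. This is an added example, not code from the article or from Kaspersky; the 500-character threshold and the regex of decode/execute calls are assumptions chosen to flag the pattern, and the sample files are constructed.

```python
"""Heuristic scanner for code hidden behind very long runs of tabs or spaces."""
import re
from pathlib import Path

# Hypothetical threshold: runs this long almost never occur in hand-written code.
MIN_RUN = 500
# Calls typically used to turn a hidden blob back into executable code.
SUSPICIOUS = re.compile(r"\b(exec|eval|compile|__import__)\s*\(|b64decode|decompress|fromhex")
PAD_RUN = re.compile(r"[\t ]{%d,}" % MIN_RUN)


def scan_source(text: str) -> list[dict]:
    """Return one finding per line containing a whitespace run of MIN_RUN or more."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = PAD_RUN.search(line)
        if not m:
            continue
        trailing = line[m.end():]          # whatever is hidden past the padding
        findings.append({
            "line": lineno,
            "pad_len": m.end() - m.start(),
            "hidden_code": bool(trailing.strip()),
            "decodes_or_executes": bool(SUSPICIOUS.search(trailing)),
            "snippet": trailing[:60],
        })
    return findings


def scan_tree(root: str, suffixes=(".py", ".js")) -> dict[str, list[dict]]:
    """Scan every Python/JavaScript file under root; keep only files with findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                results[str(path)] = hits
    return results


# Constructed samples: a clean file and one shaped like the padded Python dropper.
CLEAN = "import os\n\ndef main():\n    print('hello')\n"
PADDED = CLEAN + "\t" * 2000 + "exec(b64decode(BLOB))  # constructed placeholder\n"

if __name__ == "__main__":
    for name, src in (("clean", CLEAN), ("padded", PADDED)):
        print(name, scan_source(src))
```

Run `scan_tree(".")` from a freshly cloned repository before executing anything in it; a hit with `decodes_or_executes` set is worth reading by hand.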
Researchers do not expect these attacks to stop any time soon: “We expect these attempts to continue in the future, possibly with small changes in the TTPs,” Kaspersky concluded in its post.