- Kaspersky research finds “hundreds” of malicious GitHub commits
- Commits pretend to be useful software but trick victims into downloading malware
- At least one person lost 5 BTC because of the campaign
Cybersecurity researchers Kaspersky have iscovered a longstanding, widespread criminal campaign targeting software developers with information-stealing malware.
Kaspersky said it observed hundreds of fake GitHub repositories, some posing as tools and automation mechanisms, others as hacks and cracks, that were actually delivering different sorts of malware to their victims. They dubbed the campaign ‘GitVenom’. Apparently, someone has been very thorough, carefully setting up commits, writing accompanying documentation and readme files, all in order to avoid being flagged as malware.
However, beneath the fake documents lies malicious code built in Python, JavaScript, C, C++. and C#. Kaspersky saw Node.js stealer, AsyncRAT, Qasar backdoor, and a clipboard hijacker. The malware has been circulating across GitHub for at least two years, Kaspersky stressed, with targets and victims located all over the world, but some countries are targeted more than others: with Russia, Brazil, and Turkey hit especially hard.
Losing bitcoin
There is no telling how many victims fell for the ruse, but Kaspersky singled out one case in which someone lost 5 BTC to the scam, equivalent to just under half a million dollars.
GitHub is one of the most popular code repositories in the world, used every day by millions of software developers. It is an important platform that helps speed up and simplify software development, while at the same time improves security by allowing countless security experts to scrutinize the code.
However, the popularity also draws in the wrong crowd. GitHub is constantly being bombarded with malware, as hackers employ typosquatting, impersonation, and outright fraud, to try and trick people into downloading malware instead of legitimate code.
GitHub’s maintainers work hard to keep the platform clean, and were forced on multiple occasions to suspend new account creation and new commits submissions, due to an onslaught of malware.
Via BleepingComputer
Leave a comment