PANews reported on February 26 that according to CoinDesk, Kaspersky discovered that hackers are using GitHub to carry out "GitVenom" attacks, which have been active for at least two years and are on the rise. Hackers create GitHub code repositories disguised as legitimate projects, such as Telegram robots or computer game tools for managing Bitcoin wallets, but hide malicious code in them.
The attacker used Python and JavaScript code to implant Trojan viruses, which infect the victim's device to steal passwords, encrypt wallet information, and hijack Bitcoin transaction addresses. In November 2024, a developer lost more than $400,000 in Bitcoin due to the attack. GitVenom mainly affects countries such as Russia, Brazil, and Türkiye, and is still spreading around the world.
Kaspersky recommends that developers carefully review the authenticity of the project before running the code, and be wary of overly optimized README files and suspicious code commit histories.
