
Cybercriminals Exploiting GitHub Projects to Embezzle Bitcoin
A recent report reveals ongoing fraudulent activities on GitHub, where seemingly legitimate projects are used to siphon off significant amounts of Bitcoin.
What to know:
- A recent report from Kaspersky warns of a fraudulent scheme named GitVenom, which has been active for over two years and is on the rise.
- The attack begins with seemingly legitimate GitHub projects, such as Telegram bots for managing Bitcoin wallets or tools for computer games.
- One incident saw a developer lose over $400,000 in Bitcoin in November due to this scam.
The Threat of Malicious Code
According to Kaspersky, the GitHub code you’re using to enhance your applications may be a means to steal your Bitcoin (BTC) or other crypto assets.
GitHub is a favored platform among developers for creating various applications, especially in the crypto space, where apps can yield substantial profits.
The report emphasizes the GitVenom campaign, which involves embedding harmful code in fake projects on GitHub and using polished README files to establish trust. The underlying code, however, functions as a Trojan horse: in Python projects, malicious instructions are slipped in through intricate methods designed to activate hidden exploit payloads.
In JavaScript projects, a rogue function is included that triggers the attack when it is executed. Once the malware is active, it can collect sensitive data like passwords and cryptocurrency wallet information and send the gathered data to hackers through services like Telegram.
Recent instances indicate that users in Russia, Brazil, and Turkey have been particularly affected by these attacks, though the threat is global. Users are urged to scrutinize any code before executing it and to be wary of overly polished README files that may hide malicious intent.
Kaspersky anticipates that such attacks will continue with potential minor adjustments in tactics moving forward.
Conclusion
Stay vigilant: these schemes are highly likely to persist. Kaspersky advises users to verify the authenticity of GitHub projects and to remain cautious of suspicious coding practices.