GitHub Repositories Exploit Crypto Wallet Vulnerabilities

By: Isha Das

Recent findings by cybersecurity researchers reveal that malicious actors are abusing GitHub repositories to target cryptocurrency wallets. According to Kaspersky's investigation, an attack vector named GitVenom is being used to distribute code intended to deceive users. The campaign has grown widespread: attackers have created hundreds of fake GitHub repositories claiming to offer tools for social media automation, wallet management and other utilities. In practice, these repositories serve mainly as a vehicle for planting malicious code.

The scripts embedded in these repositories are written in common open-source languages such as Python, JavaScript, C, C++, and C#. In the Python projects, for instance, the attackers inserted long runs of tab characters to hide malicious code that installs cryptographic libraries. That code then downloads additional payloads, which decrypt and execute harmful instructions.
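As an added example (not code from the Kaspersky report or from this article), the following Python checker flags source lines where a long run of spaces or tabs pushes further code out of view, the padding trick described above. The threshold, the two constructed sample files and the list of execution-related calls are assumptions made for illustration.

```python
import re

# Assumed threshold for this example: real Python indentation never reaches
# this depth, while a run this long pushes the rest of the line off-screen.
PADDING_THRESHOLD = 100

# Calls that commonly follow such padding when the hidden tail is a loader.
_EXEC_HINT = re.compile(r"\b(exec|eval|__import__|compile)\s*\(")


def find_padded_lines(source: str, threshold: int = PADDING_THRESHOLD):
    """Return one finding per line that hides code behind a long run of
    spaces or tabs. Each finding is a dict with the line number, the
    length of the padding run, the first 40 characters that follow it,
    and whether that tail looks like dynamic code execution."""
    pattern = re.compile(r"[ \t]{%d,}(?=\S)" % threshold)
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = pattern.search(line)
        if match is None:
            continue  # no oversized whitespace run in front of code
        tail = line[match.end():]
        findings.append({
            "line": lineno,
            "padding": match.end() - match.start(),
            "tail": tail[:40],
            "exec_like": bool(_EXEC_HINT.search(tail)),
        })
    return findings


# Constructed samples: a clean module and one carrying a GitVenom-style
# padded line whose hidden tail is a placeholder, not a real loader.
BENIGN_SOURCE = "import os\n\ndef cwd():\n    return os.getcwd()\n"
PADDED_SOURCE = (
    "import requests\n"
    "def fetch(url):\n"
    "    return requests.get(url).text" + "\t" * 500
    + "; exec(decode(PAYLOAD))\n"
)


if __name__ == "__main__":
    for name, src in {"clean.py": BENIGN_SOURCE, "padded.py": PADDED_SOURCE}.items():
        for h in find_padded_lines(src):
            print(f"{name}:{h['line']} padding={h['padding']} "
                  f"exec_like={h['exec_like']} tail={h['tail']!r}")
```

Run it over a checkout of a third-party repository before using the code; a hit is worth a manual look even when the tail is not an `exec` call.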

The campaign also includes a Node.js stealer that exfiltrates sensitive data from infected systems. The malware, which makes use of platforms such as Telegram, collects credentials, digital wallet information, and browsing histories. To extend its reach, open-source tools such as AsyncRAT and the Quasar backdoor provide remote access, while clipboard hijackers silently replace cryptocurrency addresses with ones controlled by the attackers.

GitVenom has been active for several years, infecting systems worldwide, particularly in Russia, Brazil, and Turkey. Given these threats, Kaspersky emphasizes the need for developers to thoroughly review third-party code on open-source platforms like GitHub. Though such platforms are vital for collaboration, they also pose risks when abused by attackers. Developers are encouraged to scrutinize GitHub activity, commit history, and README documents critically to judge authenticity, and to be cautious of fabricated, AI-generated content.

© BlockBriefly. All Rights Reserved.