CyberSecurityBoard
Sponsor Register Login

GitVenom attacks abuse hundreds of GitHub repos to steal crypto

"Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code – for example, an automation instrument for interacting with Instagram accounts, a Telegram bot allowing to manage Bitcoin wallets, and a hacking tool for the video game Valorant," describes Kaspersky's Georgy Kucherin. A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote access trojans (RATs), and clipboard hijackers to steal crypto and credentials. Kaspersky's analysis of multiple repositories supporting the GitVenom campaign revealed that the malicious code injected into the projects is written in various languages, including Python, JavaScript, C, C++, and C#.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 25 Feb 2025 19:50:27 +0000


Cyber News related to GitVenom attacks abuse hundreds of GitHub repos to steal crypto

GitVenom attacks abuse hundreds of GitHub repos to steal crypto - "Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code – for example, an automation instrument for interacting with Instagram ...
2 weeks ago Bleepingcomputer.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com Lazarus Group
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
1 year ago Securityboulevard.com
The Week in Ransomware - January 20th, 2023 Crypto Exchanges Under Attack - The week of January 20th, 2023 brought yet another wave of ransomware attacks targeting crypto exchanges. Crypto exchanges all around the world have been hit by a barrage of sophisticated and well-planned ransomware campaigns. From high-profile ...
2 years ago Bleepingcomputer.com
Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
1 year ago Bleepingcomputer.com Scattered Spider
GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks - Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. GitHub itself was found vulnerable, as well as various notable organizations, such as PyTorch, ...
1 year ago Securityboulevard.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
1 year ago Bleepingcomputer.com
GitVenom Campaign Abusing Thousands of GitHub Repositories To Infect Users - A sophisticated malware campaign dubbed “GitVenom” has exploited GitHub’s open-source ecosystem to distribute malicious code through thousands of fraudulent repositories, targeting developers seeking automation tools, cryptocurrency ...
2 weeks ago Cybersecuritynews.com
APT Hackers Abusing GitHub - Hackers use GitHub to access and manipulate source code repositories. GitHub hosts open-source projects, and unauthorized access allows hackers to inject malicious code, steal sensitive information, and exploit vulnerabilities in software development ...
1 year ago Cybersecuritynews.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
1 year ago Bleepingcomputer.com
Blockchain dev's wallet emptied in "job interview" using npm package - The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied. Take-home job exercise empties dev's crypto wallet. Moments later, the ...
1 year ago Bleepingcomputer.com
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
1 year ago Bleepingcomputer.com
CVE-2021-32638 - Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token ...
2 years ago
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
2 years ago Nakedsecurity.sophos.com
X users fed up with constant stream of malicious crypto ads - Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, ...
1 year ago Bleepingcomputer.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
1 year ago Bleepingcomputer.com Lazarus Group
Massive Data Breach at Gokumarket: Over a Million Users' Information Exposed - Several days before the leak, the GokuMarket team found an unprotected MongoDB instance, which was storing information about its users, namely those who bought and sold crypto on the exchange. In GokuMarket's case, it is the details of more than a ...
1 year ago Cysecurity.news
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
1 year ago Infosecurity-magazine.com
Android/SpyNote Moves to Crypto Currencies - Affected Platform: AndroidImpacted Users: Android users with mobile crypto wallet or banking applicationsImpact: Financial LossSeverity Level: Medium. It has grown into one of the most common families of malware for Android, with multiple samples, ...
1 year ago Feeds.fortinet.com
CVE-2023-30853 - Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration ...
1 year ago
Over 12 million auth secrets and keys leaked on GitHub in 2023 - GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. The exposed secrets include account passwords, API keys, ...
1 year ago Bleepingcomputer.com
What's new in the MSRC Report Abuse Portal and API - The Microsoft Security Response Center has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report ...
8 months ago Msrc.microsoft.com
GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)