Hackread reports that several fake GitHub repositories masquerading as legitimate projects have been used to deliver malicious payloads over the past two years as part of the global GitVenom malware campaign, whose victims are concentrated in Russia, Brazil, and Turkey.
The actors behind GitVenom set up repositories posing as a Telegram Bitcoin wallet bot, an Instagram automation tool, and other projects, each containing highly convincing files alongside obfuscated malicious code; when executed, that code retrieves a Node.js information stealer that harvests credentials, banking and cryptocurrency wallet details, and browsing history, according to a report from Kaspersky.
The attacks also delivered the AsyncRAT and Quasar RAT remote administration tools, enabling full system takeover, as well as a clipboard hijacker that diverts cryptocurrency transfers to attacker-controlled wallets.
These findings underscore the importance of properly vetting third-party code: organizations are urged to verify a repository's legitimacy before executing or integrating anything from it.
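As an added example (not code from Hackread's or Kaspersky's reporting, and not the campaign's own code), the following Python script implements the kind of pre-execution vetting the article calls for: it walks a cloned repository without executing anything in it and flags files that carry cheap obfuscation signals, such as dynamic-evaluation or decoding calls, unusually long lines, and high-entropy base64-like blobs. The heuristics, the thresholds, and the sample repository embedded at the bottom are assumptions of mine constructed for illustration.

```python
import math
import os
import re
from collections import Counter

# Heuristic patterns and thresholds are my own assumptions, chosen to surface
# the kind of obfuscated loader described above; they are not indicators
# taken from the report.
SUSPICIOUS_CALLS = re.compile(
    r"\b(eval|exec|Function|execSync|spawn|fromCharCode|atob|b64decode)\s*\("
)
LONG_TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{200,}")  # base64/hex-like blobs
MAX_LINE_LEN = 400          # minified-looking lines in hand-written source
ENTROPY_THRESHOLD = 4.5     # bits/char; prose and ordinary code sit below this
SKIP_DIRS = {".git", "node_modules", "dist", "build"}
CANDIDATE_EXT = {".js", ".mjs", ".cjs", ".ts", ".py", ".json",
                 ".sh", ".ps1", ".bat", ".cmd"}


def shannon_entropy(s: str) -> float:
    """Bits per character of s; uniform base64 approaches 6, English ~4."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_candidate(path: str) -> bool:
    """Only executable or config-like text files are worth scanning."""
    return os.path.splitext(path)[1].lower() in CANDIDATE_EXT


def score_text(text: str) -> list[tuple[int, str]]:
    """Return (line_number, reason) findings for one file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE_LEN:
            findings.append((lineno, f"line longer than {MAX_LINE_LEN} chars"))
        m = SUSPICIOUS_CALLS.search(line)
        if m:
            findings.append((lineno, f"dynamic execution/decoding call {m.group(1)}()"))
        for blob in LONG_TOKEN.findall(line):
            ent = shannon_entropy(blob)
            if ent > ENTROPY_THRESHOLD:
                findings.append(
                    (lineno, f"high-entropy blob ({len(blob)} chars, {ent:.2f} bits/char)")
                )
    return findings


def score_files(files: dict[str, str]) -> dict[str, list[tuple[int, str]]]:
    """Scan an in-memory {path: contents} map; only files with hits are returned."""
    report = {}
    for path, text in sorted(files.items()):
        if not is_candidate(path):
            continue
        hits = score_text(text)
        if hits:
            report[path] = hits
    return report


def score_repo(root: str) -> dict[str, list[tuple[int, str]]]:
    """Scan a checked-out repository on disk; nothing in it is executed."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_candidate(full):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return score_files(files)


# Constructed sample repository (not a real project) mimicking the pattern
# described above: a plausible project whose helper file decodes a blob and
# hands it to eval(). BLOB is a deterministic 300-character high-entropy token.
BLOB = "".join(chr(65 + (i * 7) % 26) + str(i % 10) for i in range(150))
SAMPLE_REPO = {
    "README.md": "# Telegram wallet bot\n\nRun `node index.js` to start.\n",
    "package.json": '{"name": "wallet-bot", "main": "index.js"}\n',
    "index.js": "const bot = require('./lib/helper');\nbot.start();\n",
    "lib/helper.js": f"const p = '{BLOB}';\n"
                     "eval(Buffer.from(p, 'base64').toString());\n",
}

if __name__ == "__main__":
    import sys
    result = score_repo(sys.argv[1]) if len(sys.argv) > 1 else score_files(SAMPLE_REPO)
    for path, hits in result.items():
        for lineno, reason in hits:
            print(f"{path}:{lineno}: {reason}")
    print("REVIEW BEFORE RUNNING" if result else "no heuristic hits")
```

Run it as `python vet_repo.py /path/to/clone` against a checkout, or with no argument to scan the built-in sample, which reports the hidden loader in `lib/helper.js`. Hits are a prompt for manual review rather than a verdict: legitimate minified bundles and embedded assets also trip the line-length and entropy checks, so the useful question is why a hand-written helper in a small bot project would need them at all.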