
Cybersecurity researchers are calling attention to an ongoing campaign that targets gamers and cryptocurrency investors by posing as open-source projects hosted on GitHub.
The campaign, which spans hundreds of repositories, has been named GitVenom by Kaspersky.
“Infected projects include automation equipment to interact with Instagram accounts, Telegram bots that allow remote management of Bitcoin wallets, and crack tools to play Valorant games,” the Russian cybersecurity vendor said.

“All of these suspected project features were fake, and the cybercriminals behind the campaign stole personal and bank data and hijacked crypto wallet addresses from the clipboard.”
The malicious activity has facilitated the theft of five bitcoins, worth around $456,600 at the time of writing. The campaign is believed to have been ongoing for at least two years, dating back to when some of the fake projects were published. The majority of infection attempts have been recorded in Russia, Brazil and Türkiye.
The projects in question are written in a variety of programming languages, including Python, JavaScript, C, C++, and C#. Regardless of the language used, the end goal is the same: launch an embedded malicious payload that is responsible for retrieving and running additional components from an attacker-controlled GitHub repository.
Among these modules is a Node.js information stealer that collects passwords, bank account information, stored credentials, cryptocurrency wallet data, and web browsing history, compresses them into a .7z archive, and exfiltrates it to the threat actors via Telegram.
Also downloaded through the bogus GitHub projects are remote administration tools such as AsyncRAT and Quasar RAT, which can be used to take control of infected hosts, and clipper malware.
“Code sharing platforms such as GitHub are used by millions of developers around the world, so threat actors will continue to use fake software as an infection temptation in the future,” Kaspersky researcher Georgy Kucherin said.

“So it’s important to handle the processing of third-party code very carefully. Before you try to execute such code or integrate it into an existing project, it is most important to thoroughly check the actions that are performed by it.”
The development comes as Bitdefender revealed that scammers are exploiting major esports tournaments like IEM Katowice 2025 and PGL Cluj-Napoca 2025 to target players of the popular video game Counter-Strike 2 (CS2).
“By hijacking YouTube accounts by impersonating professional players like s1mple, NiKo, donk, and others, cybercriminals are inviting fans to fraudulent CS2 skin presents that result in stolen Steam accounts, cryptocurrency theft, and loss of valuable items in the game,” the company said.