
Fake GitHub projects distribute stealers in GitVenom campaign

· Published 24/02/2025 14:22 · Modified 24/02/2025 16:52


Essential information

Published: 24/02/2025 14:22
Modified: 24/02/2025 16:52
Tags: 2025-02-24, asyncrat, clipboard-hijacker, cryptocurrency, fake-projects, github, gitvenom, open-source, quasar, stealer
Related entities: 2 observables, 16 techniques (mitre), 2 malware, 2 others

Description

The campaign involves threat actors creating hundreds of fake repositories on GitHub containing malicious code disguised as legitimate projects. These repositories include well-designed README files and artificially inflated commit numbers to appear genuine. The malicious code, implemented in various programming languages, downloads and executes further malicious components from attacker-controlled repositories. These components include a Node.js stealer, AsyncRAT, Quasar backdoor, and a clipboard hijacker targeting cryptocurrency transactions. The campaign has been active for several years, with infection attempts observed worldwide, particularly in Russia, Brazil, and Turkey. The attackers' tactics highlight the importance of carefully examining third-party code before integration or execution.

External references