The GitVenom campaign uses fake projects containing malicious code on GitHub to target users, reflecting a growing trend of using open-source code as a lure for attacks.
Threat actors created hundreds of repositories with fake projects like Instagram automation tools and hacking utilities designed to appear legitimate.
Repositories contained well-crafted README.md files and artificially inflated commit counts to deceive potential victims.
Malicious code was hidden in projects written in various programming languages, including Python, JavaScript, C, C++, and C#, and it executed actions different from what the fake projects described.
The attackers used encrypted scripts, malicious functions, and batch scripts to implant and execute the malicious code within the projects.
The malicious payloads aimed to download further components from an attacker-controlled repository, including a Node.js stealer, AsyncRAT implant, Quasar backdoor, and a clipboard hijacker.
The GitVenom campaign has targeted potential victims worldwide over the past few years, with notable activity in Russia, Brazil, and Turkey.
It is critical for developers to cautiously assess and verify third-party code from platforms like GitHub to prevent incorporating malicious code into their projects.
The campaign's impact has been substantial, with infection attempts continuing globally, emphasizing the need for heightened vigilance in handling open-source code.
Reference hashes for infected repository archives are provided as a resource for identification and mitigation of the GitVenom threat.
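The points above (padded commit histories, code that does something other than the README claims, encoded payloads executed at runtime, and published reference hashes) translate into a small set of checks a developer can run before pulling a third-party repository into a project. The following is an added example written for this summary; it is not code from the original report or from any vendor tooling. All function names, thresholds and sample data (the git log lines, the source snippets and the reference hash set) are constructed assumptions, and the heuristics are deliberately simple triage signals rather than a detection product.

```python
"""Pre-import triage heuristics for a third-party repository (added example).

Three independent checks, each fed constructed sample data:
  1. commit-history burst detection: a crude signal for padded commit counts,
  2. obfuscation indicators in source: encoded blobs handed to exec/eval,
  3. matching a downloaded archive against a set of reference SHA-256 hashes.
Thresholds, names and data are hypothetical and chosen for illustration.
"""
import base64
import hashlib
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed git log in "<ISO timestamp>|<author>" form for a hypothetical repo:
# 40 commits a second apart from one account, plus two organic-looking commits.
SAMPLE_LOG = [f"2024-03-01T10:00:{s:02d}Z|dev-bot" for s in range(40)] + [
    "2024-02-10T09:12:00Z|maintainer",
    "2024-02-15T14:30:00Z|maintainer",
]


def commit_burst_ratio(log_lines, window=timedelta(minutes=5)):
    """Fraction of consecutive commits that land within `window` of each other.
    A ratio near 1.0 means the history was produced in one short burst, which is
    consistent with scripted commit padding rather than organic development."""
    stamps = sorted(
        datetime.strptime(line.split("|")[0], "%Y-%m-%dT%H:%M:%SZ") for line in log_lines
    )
    if len(stamps) < 2:
        return 0.0
    bursts = sum(1 for a, b in zip(stamps, stamps[1:]) if b - a <= window)
    return bursts / (len(stamps) - 1)


def author_concentration(log_lines):
    """Share of commits made by the single most active author."""
    authors = Counter(line.split("|")[1] for line in log_lines)
    return max(authors.values()) / sum(authors.values())


# Patterns a reviewer would flag: decode-then-execute chains, long opaque blobs,
# and code pushed off-screen behind hundreds of leading spaces or tabs.
EXEC_SINK = re.compile(r"\b(exec|eval)\s*\(")
DECODER = re.compile(r"\b(b64decode|decompress|fromhex|unhexlify)\s*\(")
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{120,}")
PADDING = re.compile(r"^[ \t]{200,}\S", re.MULTILINE)


def obfuscation_indicators(source):
    """Return the set of indicator names present in a source file's text."""
    found = set()
    if EXEC_SINK.search(source):
        found.add("exec_sink")
    if DECODER.search(source):
        found.add("decoder")
    if LONG_BLOB.search(source):
        found.add("long_blob")
    if PADDING.search(source):
        found.add("whitespace_padding")
    return found


# Constructed source snippets. The "suspicious" one only encodes a harmless
# print statement; the scanner inspects text and never executes it.
BENIGN_SOURCE = "import requests\n\ndef fetch(url):\n    return requests.get(url).text\n"
_BLOB = base64.b64encode(b"print('hello from constructed sample') " * 4).decode()
SUSPICIOUS_SOURCE = f'import base64\nexec(base64.b64decode("{_BLOB}"))\n'

# Reference hashes published alongside a report would go here. This set holds a
# placeholder for a constructed archive, not a real indicator of compromise.
REFERENCE_SHA256 = {hashlib.sha256(b"constructed-bad-archive-bytes").hexdigest()}


def archive_matches_reference(archive_bytes, reference=REFERENCE_SHA256):
    """True when the archive's SHA-256 is in the reference set."""
    return hashlib.sha256(archive_bytes).hexdigest() in reference


def triage(log_lines, sources, archive_bytes, burst_threshold=0.8):
    """Combine the three checks into a list of human-readable findings."""
    findings = []
    if commit_burst_ratio(log_lines) >= burst_threshold:
        findings.append("commit history is a single burst (possible padding)")
    if author_concentration(log_lines) >= 0.9:
        findings.append("almost all commits come from one account")
    for name, text in sources.items():
        hits = obfuscation_indicators(text)
        if hits:
            findings.append(f"{name}: {', '.join(sorted(hits))}")
    if archive_matches_reference(archive_bytes):
        findings.append("archive hash matches a reference hash")
    return findings


if __name__ == "__main__":
    report = triage(
        SAMPLE_LOG,
        {"app.py": BENIGN_SOURCE, "setup_helper.py": SUSPICIOUS_SOURCE},
        b"constructed-bad-archive-bytes",
    )
    print("\n".join(report) or "no findings")
```

Each check is weak on its own (a legitimate bulk import also produces a commit burst, and a README that differs from the code is only visible to a human reader), so the intended use is to surface repositories that deserve a manual read of the code before any of it runs, not to block automatically.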