Kaspersky's Global Research and Analysis Team (GReAT) has identified a new malware threat called 'GitVenom' spreading through GitHub. This virus primarily targets gamers and cryptocurrency investors, with Brazil being the most affected country in Latin America.
GitVenom has already caused an estimated $485,000 in Bitcoin losses, along with the theft of personal information and sensitive data. Other affected countries include Turkey and Russia.
GitVenom infects users when they download and execute seemingly legitimate code repositories on GitHub, such as bots for Instagram automation, Bitcoin wallet managers, or game cracks. These repositories are designed to appear trustworthy, often using AI to optimize their names and descriptions. Once executed, the malware steals passwords, banking information, cryptocurrency wallet data, browsing history, and other personal information. It also allows attackers to remotely control the infected computer. GitVenom monitors the user's clipboard and replaces copied Bitcoin wallet addresses with the attacker's address, redirecting funds without the user's knowledge.
Kaspersky recommends carefully verifying the actions of third-party code before execution to avoid falling victim to such attacks.