
Fake GitHub projects distribute stealers in GitVenom campaign

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

The GitVenom campaign involves threat actors creating hundreds of fake repositories on GitHub containing malicious code disguised as legitimate projects. These repositories include well-designed README files and artificially inflated commit numbers to appear genuine. The malicious code, implemented in various programming languages, downloads and executes further malicious components from attacker-controlled repositories. These components include a Node.js stealer, AsyncRAT, Quasar backdoor, and a clipboard hijacker targeting cryptocurrency transactions. The campaign has been active for several years, with infection attempts observed worldwide, particularly in Russia, Brazil, and Turkey. The attackers' tactics highlight the importance of carefully examining third-party code before integration or execution.

OPENCTI LABELS:

open-source, stealer, cryptocurrency, asyncrat, github, quasar, gitvenom, clipboard-hijacker, fake-projects

