Kaspersky warns of Gabbab’s projects that suffer from malware: How to steal the trial papers
The Kaspersky Cyber Security Company has warned of GitHub to spread harmful programs to steal accreditation through fake warehouses.
The campaign, called “Gitvenom”, includes attackers to create legitimate projects that appear full of the harmful symbol that affects users’ devices when downloading.
These warehouses are designed to target developers, encryption users and companies that depend on open source programs.
Kaspersky research, published on February 24, highlights how to manipulate the threats of threats on the GitHub platform to make their warehouses look credible.
By taking advantage of artificial intelligence to create documents and update timetables to suggest active development, infiltrators are deceived by reassuring users to download and implement harmful programs.
The risks extend beyond developers looking for open source tools.
Magistical programs in these warehouses include theft of information, a Trojan horses from a remote (mice) and portfolio specialists, all of which target armed accreditation data, cryptocurrencies, and personal data.
With the constant improved Internet criminals their tactics, GitHub users face a sophisticated threat to cybersecurity that extends through multiple industries.
Magistical programs are disguised as a program
The Kaspersky report shows how infiltrators use deceptive tactics to push harmful programs under the guise of useful tools.
Many fake warehouses claim that they offer programs such as a buds telegram to manage Bitcoin portfolios or automated social media platforms such as Instagram.
In fact, these projects act as an interface to distribute malware designed to harvest sensitive data.
Once installed, malware is activated and begins to extract entry login accreditation data, coded currency portfolio information, and the date of browsing.
The stolen data is then sent to the attackers via a telegram, allowing them to reach accounts and steal money from a distance.
The kidnapping of the portfolio increases the risks by monitoring the addresses of the copied wallet and replacing it with addresses-controlled by pirate-organized transactions to Internet criminals.
Kaspersky research found that many of these harmful projects were active for at least two years, highlighting their effectiveness in deceiving victims.
The development of these attacks indicates that Internet criminals have identified Gitap as a profitable vector for the distribution of malware, and they are likely to continue to improve their technologies.
Theft of encryption associated with Gitvenom
The impact of the Gitvenom campaign was large, as infiltrators succeeded in swarm of funds from reassuring victims.
In one case was reported in November 2024, a hacker -dominated portfolio received five bitcoin, with a value of approximately $ 442,000 at the time.
While Gypper’s warehouses that suffer from malware around the world have been discovered, Kaspersky notes that users in Russia, Brazil and Turkey have been affected by an unpopular way.
Given the huge number of developers and companies that depend on GitHub for software development, these attacks can escalate if proactive security measures are not adopted.
The increasing use of documents created by artificial intelligence and deceptive modernization records indicate that threat actors develop their methods to avoid detection.
Security researchers warn that unless GitHub and its users are carried out strictly, similar malware campaigns will continue, which leads to more thefts and financial losses.
The encryption industry lost $ 1.49 billion in 2024
Kaspersky results are in line with the wider cyber security trends in the encryption space.
According to a report from Blockchain security company IMMUNEFIThe encryption industry suffered $ 1.49 billion in losses due to breakthroughs and fraud in 2024.
This represents a 17 % decrease from 2023, however piracy accidents remained the main cause of financial losses.
Of a total of $ 1.49 billion lost, $ 1.47 billion – 98.1 % – was strengthened to breakthroughs, with 192 documented accidents.
Fraud shape, including rug and exit carpet, represents $ 28 million, which represents only 1.9 % of total losses.
However, fraud cases increased by 72 % on an annual basis, which reflects an increased development in the electronic criminal tactics.
While the decrease in the total losses indicates the improvement of security measures, the number of attacks is still high.
In 2023, 320 piracy accidents were reported, compared to 232 in 2024 – a decrease of 27.5 %.
Cyber security experts warn that despite the progress made, platforms like GitHub are still using them, and that the most targeted security strategies are necessary to relieve risks.
Since Internet criminals improve their approaches, organizations and developers must exercise caution when downloading programs from open source platforms.
The rise of fake warehouses created from artificial intelligence, as well as the constant threat of electronic encoding attacks, emphasizes the need to enhance verification methods to prevent financial losses on a large scale.
The post Kaspersky warns of GitHub projects that suffer from harmful programs: How infiltrators appear first accreditation data on Invezz
