GitVenom: A Sophisticated Malware Campaign Targeting Gamers and Cryptocurrency Investors

Cybersecurity researchers have uncovered an ongoing malware campaign targeting gamers and cryptocurrency investors by disguising malicious software as open-source projects hosted on GitHub. This campaign, dubbed GitVenom by Kaspersky, spans hundreds of fraudulent repositories and has been active for at least two years.
Hackers behind GitVenom employ deceptive tactics to lure unsuspecting users into downloading compromised software, ultimately stealing sensitive information such as login credentials, banking data, and cryptocurrency wallets.
How GitVenom Operates
According to Kaspersky, the infected repositories claim to offer popular tools, including:
- An automation tool for Instagram account management
- A Telegram bot for remotely controlling Bitcoin wallets
- A crack tool for the popular game Valorant
However, these so-called tools are completely fake, and their actual purpose is to infect victims’ devices with malware that enables cybercriminals to:
- Steal personal and financial data
- Hijack cryptocurrency wallets by replacing copied addresses in the clipboard
- Gain unauthorized access to victims’ systems using remote administration tools
As of now, researchers estimate that at least 5 bitcoins (approximately $456,600) have been stolen through this campaign. The highest number of infection attempts has been observed in Russia, Brazil, and Turkey.
Technical Breakdown of the Attack
GitVenom primarily targets developers and gamers by disguising malicious code in various programming languages, including Python, JavaScript, C, C++, and C#. Regardless of the language used, the infection process follows a similar pattern:
- Fake Open-Source Projects: Attackers create GitHub repositories with seemingly legitimate projects and source code.
- Embedded Malware Execution: Once downloaded, the malicious files execute an embedded payload that connects to an attacker-controlled GitHub repository.
- Secondary Payload Deployment: The malware downloads additional components, including:
  - Node.js-based information stealers that extract saved credentials, banking details, browsing history, and cryptocurrency wallets.
  - Remote Access Trojans (RATs) such as AsyncRAT and Quasar RAT, allowing attackers to control infected devices remotely.
  - Clipboard hijackers (clippers) that swap copied cryptocurrency wallet addresses with those controlled by the attackers, redirecting digital assets to their wallets.
Why This Attack is Dangerous
GitHub is a widely trusted platform for developers and open-source contributors. By leveraging GitHub for malware distribution, cybercriminals are taking advantage of the platform’s credibility to gain the trust of potential victims. This method also helps evade security mechanisms that often flag software downloads from unknown or suspicious sources.
According to Georgy Kucherin, a researcher at Kaspersky:
"As code-sharing platforms such as GitHub are used by millions of developers worldwide, threat actors will certainly continue using fake software as an infection lure in the future."
Recent Developments in Gaming Cybersecurity
Alongside GitVenom, cybersecurity firm Bitdefender has recently exposed another gaming-related scam targeting Counter-Strike 2 (CS2) players. Attackers are exploiting major e-sports tournaments such as IEM Katowice 2025 and PGL Cluj-Napoca 2025 to lure victims into fraudulent CS2 skin giveaways.
Hackers hijack YouTube accounts to impersonate famous CS2 professional players like s1mple, NiKo, and donk to promote fake giveaways. These scams ultimately lead to:
- Stolen Steam accounts
- Cryptocurrency theft
- Loss of valuable in-game items
How to Stay Protected
To avoid falling victim to malware campaigns like GitVenom and gaming scams, users should follow these precautions:
- Verify GitHub Repositories – Check the reputation of the developer and scrutinize the repository for any red flags before downloading code.
- Use Reputable Security Software – Employ endpoint protection and anti-malware tools that detect and block malicious downloads.
- Avoid Downloading Cracked Software – Many malicious tools disguise themselves as game hacks, cheats, or cracked software.
- Enable Two-Factor Authentication (2FA) – Protect cryptocurrency wallets, gaming accounts, and other online platforms with 2FA.
- Be Cautious of Clipboard Usage – If you frequently transfer cryptocurrency, always double-check the recipient's address before confirming transactions.
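The address double-check in the last precaution can be automated. The sketch below is an added example, not code from Kaspersky or from this post: it compares the pasted recipient address with the intended one and uses the Base58Check checksum to tell a swapped-in valid address (the clipper pattern described above) from a merely corrupted paste. It assumes legacy Base58Check Bitcoin addresses only; the function names are illustrative and the sample addresses are constructed from dummy bytes.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Encode version byte + hash as Base58Check (used here to build samples)."""
    raw = payload + checksum(payload)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 are the correct checksum."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        num = num * 58 + idx
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def check_paste(intended: str, pasted: str) -> str:
    """Classify what arrived in the destination field before a transfer is signed."""
    pasted = pasted.strip()
    if pasted == intended:
        return "match"
    # A different string that still passes the checksum is not a typo.
    if b58check_valid(pasted):
        return "substituted"
    return "mismatch"

# Constructed sample addresses (dummy 20-byte hashes, version byte 0x00).
ADDR_A = b58check_encode(b"\x00" + bytes(range(1, 21)))
ADDR_B = b58check_encode(b"\x00" + bytes(range(101, 121)))

if __name__ == "__main__":
    print(check_paste(ADDR_A, ADDR_A + "\n"))      # unchanged paste
    print(check_paste(ADDR_A, ADDR_B))             # valid but different address
    print(check_paste(ADDR_A, ADDR_A[:-1] + "0"))  # corrupted paste
```

Either non-matching result should block the transfer; "substituted" in particular means a well-formed address replaced the one that was copied.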
Conclusion
The GitVenom campaign highlights the growing threat posed by cybercriminals who leverage open-source platforms to distribute malware. As technology advances and more users engage in gaming and cryptocurrency investments, it is crucial to stay vigilant, verify sources before downloading software, and adopt strong cybersecurity measures to protect personal and financial data.