Hackers have launched a new malware campaign targeting GitHub users, distributing clipper malware disguised as popular projects.


The campaign involves creating malicious repositories posing as developer tools, video games [6], and game cheats [1] [5] [6] [7], and updating them regularly so that they rank higher in GitHub search results. Fake accounts star the repositories and post positive reviews [4], and the malware binary is inflated in size so that antivirus engines with file-size scan limits skip it. The payload is clipper malware: it monitors the clipboard and, when it sees a cryptocurrency wallet address, silently replaces it with one controlled by the attacker [4], so that a victim who pastes an address sends funds to the wrong wallet [1]. Notably, it does not activate on systems located in Russia.

Security researcher Yehuda Gelb advises watching commit frequency and account activity, performing manual code review [2] [8], and running malware detection tools on anything downloaded from such repositories. Checkmarx's report highlights the broader trend of using GitHub to distribute Windows malware [6]. The attackers abuse GitHub's search ranking to steer users toward malware disguised as legitimate projects [3]; the payload is hidden within the project files [8], and the repository looks healthy thanks to fake stargazers and frequent modifications [1] [7]. Users are warned to be cautious with public repositories [1], especially those owned by new accounts or starred mostly by newly created accounts [1] [7].
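The warning signs above (stargazers with very young accounts, commits landing in bursts, and an oversized artifact padded with filler bytes) can be turned into simple triage checks. The following Python is an added example written for this page, not code from Checkmarx or from the reports cited; the input records are constructed to resemble the `created_at` and `commit.author.date` fields of the GitHub REST API, the 30-day, 10-commit and 1 MB thresholds are assumptions to be tuned, and a high share of one byte value is only a heuristic for padding.

```python
"""Triage heuristics for suspicious GitHub repositories (added example)."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed reference time so the example is deterministic; use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 4, 15, tzinfo=timezone.utc)


def parse_ts(s):
    """Parse the ISO-8601 'Z' timestamps the GitHub API returns."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def young_stargazer_ratio(stargazers, max_age_days=30, now=NOW):
    """Fraction of stargazers whose account is at most max_age_days old.
    Each item carries the login plus the account's created_at (in the real API
    that field comes from /users/{login}, joined here for the example)."""
    if not stargazers:
        return 0.0
    young = sum(1 for s in stargazers if (now - parse_ts(s["created_at"])).days <= max_age_days)
    return young / len(stargazers)


def commit_burst_score(commit_timestamps, window_hours=24):
    """Largest number of commits that fall inside any window of window_hours."""
    ts = sorted(parse_ts(t) for t in commit_timestamps)
    best, j = 0, 0
    for i in range(len(ts)):
        while ts[i] - ts[j] > timedelta(hours=window_hours):
            j += 1  # slide the window start forward
        best = max(best, i - j + 1)
    return best


def padding_ratio(blob):
    """Share of the blob occupied by its single most common byte value.
    Inflated binaries are typically padded with long runs of one byte."""
    if not blob:
        return 0.0
    (_, count), = Counter(blob).most_common(1)
    return count / len(blob)


def assess_repo(stargazers, commit_timestamps, artifact=None, now=NOW,
                young_ratio_limit=0.5, burst_limit=10, min_size=1_000_000, pad_limit=0.9):
    """Return a list of human-readable flags; an empty list means nothing tripped."""
    flags = []
    r = young_stargazer_ratio(stargazers, now=now)
    if r >= young_ratio_limit:
        flags.append(f"{r:.0%} of stargazers are accounts under 30 days old")
    b = commit_burst_score(commit_timestamps)
    if b >= burst_limit:
        flags.append(f"{b} commits inside a single 24h window")
    if artifact is not None and len(artifact) >= min_size:
        p = padding_ratio(artifact)
        if p >= pad_limit:
            flags.append(f"artifact is {len(artifact)} bytes, {p:.0%} of it a single byte value")
    return flags


# Constructed sample data: a repo showing all three signs, and a benign-looking one.
SUSPICIOUS_STARGAZERS = [
    {"login": "dev-alpha", "created_at": "2024-04-01T10:00:00Z"},
    {"login": "dev-beta", "created_at": "2024-04-05T10:00:00Z"},
    {"login": "dev-gamma", "created_at": "2024-04-08T10:00:00Z"},
    {"login": "dev-delta", "created_at": "2024-04-12T10:00:00Z"},
    {"login": "old-hand", "created_at": "2019-06-20T10:00:00Z"},
    {"login": "veteran", "created_at": "2021-11-02T10:00:00Z"},
]
SUSPICIOUS_COMMITS = ["2024-02-01T12:00:00Z", "2024-03-01T12:00:00Z"] + [
    f"2024-04-10T{h:02d}:00:00Z" for h in range(9, 21)  # 12 commits in one day
]
# A tiny varied header followed by two million zero bytes.
SUSPICIOUS_ARTIFACT = bytes(range(256)) * 100 + b"\x00" * 2_000_000

CLEAN_STARGAZERS = [
    {"login": "old-hand", "created_at": "2019-06-20T10:00:00Z"},
    {"login": "veteran", "created_at": "2021-11-02T10:00:00Z"},
]
CLEAN_COMMITS = ["2023-11-03T12:00:00Z", "2024-01-17T12:00:00Z", "2024-03-22T12:00:00Z"]

if __name__ == "__main__":
    for name, args in (("suspicious", (SUSPICIOUS_STARGAZERS, SUSPICIOUS_COMMITS, SUSPICIOUS_ARTIFACT)),
                       ("clean", (CLEAN_STARGAZERS, CLEAN_COMMITS))):
        print(name, assess_repo(*args) or "no flags")
```

These are triage signals, not verdicts: a legitimate new project can also have a burst of initial commits and a few fresh accounts among its stargazers, so a flagged repository still needs the manual code review and malware scan the article recommends.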


The distribution of malware on GitHub poses a significant threat to the open-source ecosystem. Developers must exercise caution when downloading from repositories and not rely on star counts, commit activity, or other reputation signals alone as proof of trustworthiness [3]. Continuous vigilance and the use of specialized tools are essential to combat these evolving cybersecurity threats.


