Kaspersky Warns of Massive GitHub Scam Targeting Crypto Users

Hackers are using fake GitHub repositories to distribute malware that steals cryptocurrency and user credentials, with cybersecurity firm Kaspersky uncovering a large-scale campaign.

As cryptocurrency adoption continues to grow, so too do concerns over security and fraud. Two recent developments highlight the risks facing users in different areas of the crypto ecosystem. In one case, cybersecurity firm Kaspersky has uncovered a large-scale malware campaign, GitVenom, where hackers create fake GitHub repositories to trick users into downloading credential-stealing malware. Meanwhile, US Senator Dick Durbin has introduced the Crypto ATM Fraud Prevention Act, aimed at curbing scams that exploit cryptocurrency ATMs to defraud users, particularly senior citizens. 

Hackers Flood GitHub With Fake Projects to Spread Crypto-Stealing Malware, Kaspersky Warns

A sophisticated malware campaign is sweeping through GitHub, as hackers create hundreds of fake repositories to lure unsuspecting developers and cryptocurrency users into downloading credential-stealing and crypto-targeting malware, cybersecurity firm Kaspersky has warned.

In a Feb. 24 report, Kaspersky analyst Georgy Kucherin revealed the existence of a large-scale operation, dubbed “GitVenom,” in which cybercriminals have flooded GitHub with counterfeit projects designed to distribute remote access trojans (RATs), info-stealers, and clipboard hijackers. The malicious actors have gone to extraordinary lengths to make these repositories appear legitimate, tricking users into compromising their personal and financial data.

Kaspersky’s findings suggest that the attackers have been actively maintaining hundreds of fake GitHub repositories that falsely claim to provide useful software tools. Among the fraudulent projects identified are:

  • A Telegram bot for managing Bitcoin wallets

  • An automation tool for Instagram account interactions

  • Various other seemingly harmless applications

However, none of these tools actually function as advertised. Instead, they secretly deliver malicious payloads that siphon sensitive user information.

Kucherin noted that the cybercriminals made these projects appear legitimate by incorporating “well-designed” instruction files that could have been generated using AI tools. These files provide misleading guidance on how to install and use the fake software, deceiving users into trusting and executing the malicious code.

To make the repositories appear active and trustworthy, the attackers manipulated GitHub’s activity metrics. They artificially increased the number of “commits”—changes made to a project—to create the illusion of continuous development and improvement.

“To do that, they placed a timestamp file in these repositories, which was updated every few minutes,” Kucherin explained. This tactic was intended to give the impression that the repositories were under active maintenance, making them more appealing to potential victims.

Once downloaded and executed, the fake software injects multiple malicious components into the victim’s system. These include:

  1. Info-stealer malware – Extracts saved credentials, browsing history, and cryptocurrency wallet data, then transmits them to hackers through Telegram.

  2. Clipboard hijackers – Monitor clipboard activity and replace copied crypto wallet addresses with ones controlled by the attackers, effectively rerouting funds during transactions.

  3. Remote Access Trojans (RATs) – Allow attackers to take control of an infected system, potentially installing additional malware or stealing more data.

The GitVenom campaign has been in operation for at least two years, indicating its effectiveness in luring victims and stealing funds. One notable example occurred in November 2023, when Kaspersky’s investigation uncovered that a hacker-controlled wallet received 5 Bitcoin (BTC), worth approximately $442,000 at current prices.

This suggests that at least one victim unknowingly transferred a large sum to an attacker’s wallet after their clipboard was hijacked.

While GitVenom has been detected worldwide, Kaspersky’s research indicates that Russia, Brazil, and Turkey are among the primary targets of this malware campaign.

These regions have significant cryptocurrency adoption rates, making them attractive hunting grounds for cybercriminals seeking to intercept transactions and steal user credentials.

The Growing Threat of Fake Code Repositories

This attack highlights the increasing use of code-sharing platforms like GitHub as malware distribution hubs. With millions of developers relying on GitHub for open-source projects, cybercriminals exploit trust in the platform to distribute malicious software.

Kaspersky warned that such tactics will likely continue evolving and emphasized the need for greater vigilance when downloading third-party code.

To mitigate the risk of falling victim to fake repositories, Kaspersky’s Kucherin advises developers and users to:

  • Verify the legitimacy of repositories before downloading any code.

  • Check the history of commits and contributors—real projects usually have multiple contributors with an established reputation.

  • Analyze the code before execution to identify any suspicious behavior.

  • Avoid downloading software from unknown sources and rely on official repositories.
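One way to apply the commit-history check to the timestamp-file padding Kucherin describes, as an added example (not code from Kaspersky's report): a Python script that parses `git log` output and flags histories dominated by frequent commits to a single file. The thresholds, function names and sample histories are assumptions constructed for illustration.

```python
import subprocess
from collections import Counter

# One header line per commit ("@@<author email>|<unix time>"), then the paths it touched.
LOG_ARGS = ["git", "log", "--no-merges", "--name-only", "--pretty=format:@@%ae|%at"]

def parse_log(text):
    """Turn LOG_ARGS output into a list of (author, timestamp, [paths])."""
    commits = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("@@"):
            author, ts = line[2:].rsplit("|", 1)
            commits.append((author, int(ts), []))
        elif line and commits:
            commits[-1][2].append(line)
    return commits

def padding_report(commits, min_share=0.8, max_gap_s=900):
    """Flag a history dominated by frequent commits that touch one and the same file.
    min_share and max_gap_s are assumed thresholds, not values from the report."""
    single = Counter(paths[0] for _, _, paths in commits if len(paths) == 1)
    path, hits = single.most_common(1)[0] if single else (None, 0)
    times = sorted(ts for _, ts, paths in commits if paths == [path])
    gaps = sorted(b - a for a, b in zip(times, times[1:]))
    median_gap = gaps[len(gaps) // 2] if gaps else None
    share = hits / len(commits) if commits else 0.0
    return {
        "commits": len(commits),
        "authors": len({author for author, _, _ in commits}),
        "top_single_file": path,
        "share": round(share, 2),
        "median_gap_s": median_gap,
        "suspicious": share >= min_share and median_gap is not None and median_gap <= max_gap_s,
    }

def scan_repo(repo_dir):
    """Run git log in a local clone and score its history."""
    out = subprocess.run(LOG_ARGS, cwd=repo_dir, capture_output=True, text=True, check=True)
    return padding_report(parse_log(out.stdout))

# Constructed sample: one real-looking commit, then 40 commits five minutes apart to one file.
PADDED = "@@dev@example.invalid|1700000000\nREADME.md\nbot.py\n\n" + "\n".join(
    f"@@dev@example.invalid|{1700003600 + 300 * i}\ntimestamp.txt\n" for i in range(40))
# Constructed sample: several authors, mixed files, hours to days between commits.
NORMAL = "\n".join([
    "@@alice@example.invalid|1700000000\nsrc/wallet.py\ntests/test_wallet.py\n",
    "@@bob@example.invalid|1700090000\nREADME.md\n",
    "@@alice@example.invalid|1700400000\nsrc/wallet.py\n",
    "@@carol@example.invalid|1700900000\nREADME.md\nsetup.py\n"])

if __name__ == "__main__":
    print(padding_report(parse_log(PADDED)))
    print(padding_report(parse_log(NORMAL)))
```

A match is a prompt for manual review, since legitimate repositories with scheduled automated commits can look similar. To check a real clone, call `scan_repo()` with its path.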

The GitVenom campaign serves as a stark reminder of how cybercriminals exploit open-source platforms to distribute malware and steal sensitive data. As hackers refine their methods, users must remain cautious and skeptical when interacting with code repositories—especially those claiming to offer cryptocurrency-related tools.

With losses already amounting to hundreds of thousands of dollars, developers and crypto users should prioritize cybersecurity awareness to protect themselves from these evolving threats.

Senator Dick Durbin Introduces Crypto ATM Fraud Prevention Bill Amid Rising Scams in the US

Meanwhile, in response to the growing number of fraud cases linked to cryptocurrency ATMs, Illinois Senator Dick Durbin, a Democrat and former chair of the Senate Judiciary Committee, has introduced new legislation aimed at curbing scams and enhancing consumer protections.

The bill, known as the Crypto ATM Fraud Prevention Act, seeks to place “common-sense guardrails” on the more than 30,000 crypto ATMs operating across the United States, a sector that has become a hotbed for financial fraud targeting vulnerable individuals, particularly senior citizens.

Speaking on the Senate floor on Feb. 25, Senator Durbin highlighted a particularly alarming case from one of his Illinois constituents who fell victim to a crypto ATM scam. The fraudster, impersonating an authority figure, falsely claimed that the victim faced a warrant for his arrest and could avoid jail by depositing $15,000 into a cryptocurrency ATM.

Durbin emphasized that this case is not an isolated incident, but rather part of a larger trend of crypto ATM-related fraud that has been increasing across the country.

Under the proposed Crypto ATM Fraud Prevention Act, several key consumer protections and anti-fraud mechanisms would be implemented to curb abuse. These include:

  • Mandatory Warnings: Crypto ATM operators would be required to display clear warnings about common scams targeting users.

  • Transaction Limits: Deposits would be capped at $2,000 per day and $10,000 total per customer to prevent scammers from coercing victims into draining their finances in a short period.

  • First-Time User Protections: New users would receive special protections for the first two weeks after using a crypto ATM, reducing the risk of falling victim to fraudulent schemes.

  • Verbal Confirmation for Large Transactions: Operators would be required to verbally confirm transactions over $500 with new customers before processing them.

  • Refund Provisions: Crypto ATM operators would be obligated to offer full refunds to fraud victims in certain circumstances, providing a crucial safety net for those duped by scammers.

These measures aim to strike a balance between regulating the industry and preserving accessibility to cryptocurrency transactions while cracking down on fraudulent activities.

While cryptocurrency scams have taken various forms, the crypto ATM fraud model is a digital evolution of traditional scams that have existed for decades. Criminals often impersonate government officials, law enforcement, or financial institutions, pressuring victims into making payments under false pretenses.

In the past, scammers demanded payments through prepaid gift cards or wire transfers. Today, the rise of crypto ATMs has given fraudsters a new, untraceable method to extort money from unsuspecting victims.

According to FBI data, Americans lost over $5 billion to cryptocurrency-related fraud in 2023, with senior citizens being among the most targeted demographics.

The anonymity and speed of crypto transactions, coupled with the lack of regulatory oversight on crypto ATMs, make them an attractive vehicle for fraudsters.

Senator Durbin’s bill marks one of the first crypto-related legislative proposals introduced in the 119th session of Congress. However, it is unclear whether the Democrat-backed proposal will garner the necessary bipartisan support to pass through the Republican-controlled Congress and secure President Donald Trump’s signature into law.

Cryptocurrency regulation has been a deeply polarizing issue in Washington, with ongoing debates about how to balance consumer protection with innovation in the crypto space. Competing proposals to regulate stablecoins and broader crypto market practices are also being discussed in both the House and Senate.

Meanwhile, crypto ATM operators such as CoinFlip and Bitcoin Depot—two of the largest providers of these machines in the US—have not yet commented on the proposed legislation.

A Step Toward Greater Oversight

While crypto ATMs offer an easy way for users to buy and sell digital assets, they also present a major challenge for fraud prevention due to the irreversible nature of crypto transactions and the lack of standardized regulations.

Durbin’s proposal is a step toward implementing greater oversight, ensuring that crypto adoption does not come at the cost of consumer security. If passed, the Crypto ATM Fraud Prevention Act could set a precedent for future cryptocurrency regulations, particularly around consumer protections and transaction transparency.

As cryptocurrency continues to gain mainstream adoption, regulators and lawmakers will likely introduce more legislation to address fraud, security, and financial risks in the evolving digital asset landscape.