Hackers Use Fake GitHub Repositories to Steal Bitcoin and Personal Data

By Vinayak Dhanwai, 2/28/2025

Cybersecurity experts have uncovered a dangerous hacking campaign called GitVenom, which has stolen nearly $456,000 in Bitcoin by tricking people with fake GitHub projects.

How the Scam Works

Hackers created hundreds of fake repositories on GitHub, claiming to offer useful tools like:

  • A bot for managing Instagram accounts
  • A remote tool for handling Bitcoin wallets via Telegram
  • A cracked version of the popular game Valorant

However, these projects were completely fake. Instead of delivering useful software, they installed malware that stole personal data, banking details, and cryptocurrency wallet addresses. The hackers targeted people in Russia, Brazil, and Turkey, and the scam has been running for at least two years.

How the Malware Works

The malicious software was found in projects written in Python, JavaScript, C, C++, and C#. Regardless of the language, all of them had the same goal—infect computers and steal data.

One of the key malware modules used in this campaign is a Node.js information stealer, which:

  • Collects passwords, banking details, and cryptocurrency wallets
  • Saves the stolen data in a compressed file
  • Sends the file to hackers through Telegram

Additionally, the malware installs remote administration tools like AsyncRAT and Quasar RAT, allowing hackers to control infected computers. Another dangerous tool, known as a clipper, can replace copied wallet addresses with the hacker's address, causing victims to unknowingly send their funds to the attacker.
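The clipper behaviour described above leaves a recognisable trace: the value about to be pasted is a different, well-formed wallet address than the one the user copied. The following is an added example, not code from the campaign or from the researchers; the function names and the two sample addresses are assumptions constructed for illustration, and only legacy Base58Check Bitcoin addresses are covered.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Used here only to build the constructed sample addresses below."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_legacy_address(s: str) -> bool:
    """True if s decodes to 25 bytes whose last 4 are a valid Base58Check checksum."""
    if not re.fullmatch(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}", s):
        return False
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes one zero byte
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])

def clipper_check(copied: str, pasted: str) -> str:
    """Compare the value recorded at copy time with the value about to be pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "ok"
    if is_btc_legacy_address(copied) and is_btc_legacy_address(pasted):
        return "substituted"  # a valid address became a different valid address
    return "changed"

# Constructed sample addresses (fixed 20-byte bodies, not real wallets).
USER_ADDR = b58check_encode(0, bytes(range(1, 21)))
OTHER_ADDR = b58check_encode(0, bytes(range(21, 41)))

if __name__ == "__main__":
    print(clipper_check(USER_ADDR, OTHER_ADDR))
```

A wallet or payment form can apply the same comparison before signing, treating a "substituted" result as a reason to stop and re-verify the destination address through a second channel.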

More Cyber Threats in Gaming

In a related discovery, cybersecurity firm Bitdefender warned that scammers are targeting esports fans during tournaments like IEM Katowice 2025 and PGL Cluj-Napoca 2025. Hackers have been hijacking YouTube accounts to impersonate famous Counter-Strike 2 (CS2) players like s1mple, NiKo, and donk. They trick fans into fake CS2 skin giveaways, resulting in stolen Steam accounts, cryptocurrency theft, and loss of valuable in-game items.

With platforms like GitHub widely used by developers, cybercriminals are expected to continue using fake software as a lure for spreading malware.