Loading prices…
〽️NEUTRAL

Kaspersky Warns of New Crypto-Stealing Malware on GitHub

The campaign abuses developer trust, posing as legitimate projects to slip infostealers past crypto investors who download what looks like routine open-source tooling.

Kaspersky researchers identified a new malware campaign targeting crypto investors through fraudulent GitHub repositories and social engineering. The attackers pose as legitimate open-source projects, tricking developers and crypto users into downloading code that drops an infostealer on the host machine.

Why it matters

Open-source distribution has become one of the most effective delivery channels for crypto-focused malware because the trust model is built on reputation rather than verification. A repo that looks professional, has plausible commit history, and references a real project name is enough to get past a hurried download. Seed phrases, browser wallet extensions, and exchange credentials all live on the same machines developers use to clone a repo, so a single bad pull is enough to drain funds.

Market impact

Crypto-specific losses from stealer malware climbed sharply through 2025, and developer-targeted supply chain attacks have produced some of the year's largest individual incidents. The recurring read for investors is operational: keep cold storage off the same machine used for development, scope token approvals, and treat every GitHub download as untrusted until verified.

Frequently asked questions

  1. What did Kaspersky actually discover?

    Kaspersky researchers identified a new malware campaign targeting crypto investors through fraudulent GitHub repositories and social engineering, posing as legitimate open-source projects to distribute an infostealer.

  2. How does the attack reach crypto users?

    Attackers publish fake repositories that look like legitimate projects. When a developer or crypto user clones the repo and runs the code, it drops an infostealer on the host machine.

  3. What does the malware try to steal?

    The infostealer targets browser wallet extensions, exchange credentials, and any seed phrases stored on the infected machine.

  4. Why is GitHub a useful delivery channel for crypto malware?

    Open-source trust is built on repository reputation rather than verification. A professional-looking repo with plausible commit history can pass a hurried download without raising suspicion.

  5. How can crypto users reduce the risk?

    Keep signing keys on air-gapped hardware, scope token approvals tightly, and treat unfamiliar GitHub downloads as compromised until independently verified.

Source attribution
Aggregated from CoinTelegraph · Verified · Last refreshed 3h ago
Open original →