{"id":11982,"date":"2024-03-26T12:09:35","date_gmt":"2024-03-26T10:09:35","guid":{"rendered":"https:\/\/forklog.com\/en\/github-users-targeted-by-malware-aimed-at-bitcoin-wallet-theft\/"},"modified":"2024-03-26T12:09:35","modified_gmt":"2024-03-26T10:09:35","slug":"github-users-targeted-by-malware-aimed-at-bitcoin-wallet-theft","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/github-users-targeted-by-malware-aimed-at-bitcoin-wallet-theft\/","title":{"rendered":"GitHub Users Targeted by Malware Aimed at Bitcoin Wallet Theft"},"content":{"rendered":"<p>Hackers have targeted GitHub users through a fake Python infrastructure, according to researchers at Checkmarx.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Bro, what??<\/p>\n<p>Over 170,000 users affected through a hijacked GitHub account used to spread info stealer <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&#038;ref_src=twsrc%5Etfw\">#malware<\/a>!<\/p>\n<p>This was a first-of-its-kind &#8220;mirror poisoning&#8221; attack where the attacker distributed a malicious <a href=\"https:\/\/twitter.com\/hashtag\/Python?src=hash&#038;ref_src=twsrc%5Etfw\">#Python<\/a> dependency hosted on a fake Python infrastructure by\u2026 <a href=\"https:\/\/t.co\/oi9pRArxQq\">pic.twitter.com\/oi9pRArxQq<\/a><\/p>\n<p>\u2014 Checkmarx Supply Chain Security (@Cx_SCS) <a href=\"https:\/\/twitter.com\/Cx_SCS\/status\/1772259796336480380?ref_src=twsrc%5Etfw\">March 25, 2024<\/a><\/p><\/blockquote>\n<p>The malware was disguised as the popular package &#8220;colorama&#8221; and spread among over 170,000 members of the Top.gg community through a compromised account of one of its members.<\/p>\n<p>The attack involved a multi-stage process of executing code from several external sources.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" 
src=\"https:\/\/lh7-eu.googleusercontent.com\/2A6gf9UCKPe_FJehLqiWiosq0bEvCj16BVdo_qr4ZrBw36o2v-Dg5p6AOQ7n2oPOe1vkNEOBAZaBdtgePAURRdySTB5RWTLct83aFhjn6GN2qpcqlJIRuJsiJ9qmmKWY0jg0zQE-D53WYlOYwEDG3aI\" alt=\"GitHub Users Targeted by Malware Aimed at Bitcoin Wallet Theft\"\/><figcaption class=\"wp-element-caption\">Source: Checkmarx.<\/figcaption><\/figure>\n<p>The malware aimed to steal data from browsers, Discord, Instagram, Telegram sessions, files, and cryptocurrency wallets. Additionally, a keylogger component allowed attackers to capture keystrokes to steal passwords, private messages, and financial data.<\/p>\n<p>Earlier in March, researchers at Apiiro discovered 100,000 malicious repositories uploaded to GitHub to infect developers with an info stealer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers have targeted GitHub users through a fake Python infrastructure, according to researchers at Checkmarx. Bro, what?? Over 170,000 users affected through a hijacked GitHub account used to spread info stealer #malware! 
This was a first-of-its-kind &#8220;mirror poisoning&#8221; attack where the attacker distributed a malicious #Python dependency hosted on a fake Python infrastructure by\u2026 pic.twitter.com\/oi9pRArxQq [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11981,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1456],"class_list":["post-11982","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-github"],"aioseo_notices":[],"amp_enabled":true,"views":"18","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/11982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=11982"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/11982\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/11981"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=11982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=11982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=11982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}