Cybersecurity researchers are calling attention to an ongoing campaign that targets users through projects hosted on GitHub.
The campaign, which spans hundreds of repositories, has been named Movable Casper.
“The infected projects include an automation tool for interacting with Instagram accounts, a Telegram bot that allows Bitcoin wallets to be managed remotely and a cracking tool for the game Valorant,” the Russian vendor said.
“All of this alleged project functionality was fake, and the cybercriminals behind the campaign stole personal and banking data, as well as hijacked crypto wallet addresses from the clipboard.”
The activity has contributed to the theft of 5 bitcoins, approximately $456,600. The campaign is believed to have been running for at least two years, when some of the fake projects were published. Most of the infection attempts were recorded in Russia, Brazil and Turkey.
The projects in question are written in different programming languages, including Python, JavaScript, C, C++ and C#. But regardless of the language used, the ultimate goal is the same: launch an embedded malicious payload that is responsible for retrieving additional components from an attacker-controlled GitHub repository and executing them.
Notable among these modules is a Node.js information stealer that collects passwords, bank account information, saved credentials, cryptocurrency wallet data and web browsing history, compresses them into a .7z archive and sends it to the threat actors via Telegram.
Also downloaded via the bogus GitHub projects are remote administration tools such as Assembly and Quasar RAT, which can be used to commandeer infected hosts, and clipper malware that replaces wallet addresses copied to the clipboard with a wallet address belonging to the adversary, redirecting digital assets to the threat actors.
“Because code-sharing platforms such as GitHub are used by millions of developers around the world, threat actors will certainly continue to use fake software as an infection lure in the future,” said Kaspersky researcher Kurin.
“For this reason, it is very important to handle third-party code very carefully. Before trying to run such code or integrate it into an existing project, the main thing is to carefully check what actions it performs.”
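One way to act on that advice before running a cloned project, as an added example that is not from the article or from Kaspersky: a static triage pass that flags source files combining a network fetch with dynamic execution, the download-then-run behaviour described above. The indicator patterns and the off-screen indentation check are illustrative assumptions, not signatures from the report.

```python
import re
import sys
from pathlib import Path

SOURCE_EXT = {".py", ".js", ".c", ".cpp", ".cs"}  # languages named in the article

# Heuristic indicators (assumptions for illustration, not signatures from the report)
FETCH = re.compile(r"urllib\.request|requests\.(get|post)|https?\.get\(|fetch\(|"
                   r"WebClient|HttpClient|URLDownloadToFile|curl_easy_perform", re.I)
EXECUTE = re.compile(r"\bexec\(|\beval\(|subprocess\.|os\.system|child_process|"
                     r"Process\.Start|CreateProcess|ShellExecute|\bsystem\(", re.I)
GITHUB_URL = re.compile(r"https?://(raw\.githubusercontent\.com|github\.com)/[^\s\"']+", re.I)
HIDDEN_INDENT = 200  # code starting this far right is off-screen in most editors


def triage_source(text):
    """Return (line_no, reason) findings for one file; line 0 marks a file-level verdict."""
    findings, fetch_seen, exec_seen = [], False, False
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        if stripped and len(line) - len(stripped) >= HIDDEN_INDENT:
            findings.append((no, "code hidden behind long whitespace run"))
        if GITHUB_URL.search(line):
            findings.append((no, "hard-coded GitHub URL"))
        if FETCH.search(line):
            fetch_seen = True
            findings.append((no, "network fetch"))
        if EXECUTE.search(line):
            exec_seen = True
            findings.append((no, "dynamic execution"))
    if fetch_seen and exec_seen:
        findings.append((0, "download-and-execute pattern: review before running"))
    return findings


def triage_repo(root):
    """Scan every source file under root; return {path: findings} for flagged files."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SOURCE_EXT:
            found = triage_source(path.read_text(errors="replace"))
            if found:
                report[str(path)] = found
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in triage_repo(target).items():
        for no, reason in found:
            print(f"{path}:{no or '-'}: {reason}")
```

A hit is a prompt for manual review, not proof of compromise: legitimate projects also fetch and execute code, and a clean result does not clear a repository.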
The development comes as Bitdefender revealed that scammers are exploiting major e-sports tournaments such as IEM Katowice 2025 and PGL Cluj-Napoca 2025 to target players of the popular game Counter-Strike 2 (CS2).
“By using YouTube accounts to present themselves as professional players such as S1MPLE, Niko and Donk, cybercriminals lure fans into fake CS2 skin giveaways, which lead to stolen Steam accounts, theft of cryptocurrencies and the loss of valuable in-game items,” the Romanian cybersecurity company said.