Security Articles

Fake GitHub projects distribute stealers in GitVenom campaign

Released on 2025-02-24 @ 02:22:00 PM

The GitVenom campaign involves threat actors creating hundreds of fake repositories on GitHub containing malicious code disguised as legitimate projects. These repositories include well-designed README files and artificially inflated commit numbers to appear genuine. The malicious code, implemented in various programming languages, downloads and executes further malicious components from attacker-controlled repositories. These components include a Node.js stealer, AsyncRAT, Quasar backdoor, and a clipboard hijacker targeting cryptocurrency transactions. The campaign has been active for several years, with infection attempts observed worldwide, particularly in Russia, Brazil, and Turkey. The attackers' tactics highlight the importance of carefully examining third-party code before integration or execution.