Malware Campaign Abuses GitHub, YouTube, and VirusTotal to Steal Cryptocurrency
Cybercriminals have been found to be abusing popular platforms such as GitHub, YouTube, and VirusTotal to spread cryptocurrency-stealing malware. The attackers packaged the malware as tools designed to help users make money through trading and gambling.
The tools, which included cryptocurrency sniper bots and gambling 'predictors', claimed to identify winning opportunities before other traders or forecast the outcome of online betting games. However, instead of delivering quick profits, they delivered Rust-based clipboard hijackers that monitor the clipboard for cryptocurrency wallet addresses and replace them with attacker-controlled addresses.
The operation created a sense of legitimacy by manipulating sentiment and reputation on platforms like VirusTotal. The attackers used 'Ghost Networks', coordinated accounts that boost stars, reviews, downloads, and other signs of popularity around the malicious tools.
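
The clipboard address replacement described above leaves a recognisable trace: a wallet address on the clipboard becomes a different address of the same format without the user copying anything. The following detection sketch is an added example, not code from the campaign or its reporting; the event feed, its `source` field, the simplified address patterns and all sample values are assumptions constructed for illustration.

```python
import re

# Simplified address formats (an assumption of this example, not a full validator).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the address format name for text, or None if it is not an address."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None

def find_swaps(events):
    """Flag an address replaced by a different address of the same format
    when the change did not come from a user copy action.

    events: (timestamp, source, text) tuples from a hypothetical clipboard
    monitor; source is "user" for a copy the user made, "unknown" otherwise.
    """
    alerts = []
    previous = None  # (kind, address) of the last address seen on the clipboard
    for ts, source, text in events:
        kind = address_kind(text)
        if kind is None:
            previous = None
            continue
        address = text.strip()
        if (previous and source != "user"
                and kind == previous[0] and address != previous[1]):
            alerts.append({"time": ts, "kind": kind,
                           "copied": previous[1], "replaced_with": address})
        previous = (kind, address)
    return alerts

# Constructed sample feed: event 2 is the swap, event 5 is a legitimate re-copy.
SAMPLE_EVENTS = [
    (1, "user", "0x" + "a1" * 20),
    (2, "unknown", "0x" + "b2" * 20),
    (3, "user", "meeting notes"),
    (4, "user", "1" + "A" * 30),
    (5, "user", "1" + "B" * 30),
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```
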




