Kaspersky warns of widespread malware on GitHub

Cybersecurity firm Kaspersky has issued a warning about a large-scale malware campaign targeting GitHub users. Hackers have created hundreds of fake repositories to deceive users into downloading malware designed to steal cryptocurrency, login credentials, and browsing data. The campaign, known as ‘GitVenom,’ uses fraudulent projects that appear legitimate, offering tools like a Telegram bot for managing Bitcoin wallets or an Instagram automation tool. However, these projects run malicious software in the background, including remote access trojans (RATs), info-stealers, and clipboard hijackers.

The fake repositories were made to look convincing by including detailed documentation and manipulated version histories, which were designed to mimic active development. Despite appearing professional, these projects fail to deliver their promised functions while quietly extracting sensitive information from users. Kaspersky’s investigation revealed that some of these malicious repositories have been active for at least two years, suggesting the attackers have successfully lured victims over an extended period.

Once users have downloaded the malware, it targets saved login details, cryptocurrency wallet information, and browsing history, sending the stolen data to the attackers via Telegram. Some malware even hijacks clipboard contents, replacing cryptocurrency wallet addresses with those controlled by the hackers, potentially redirecting funds. The campaign has caused considerable impact, with one documented case involving the theft of five Bitcoins, worth around $442,000.

Although the GitVenom campaign has been detected worldwide, it has particularly affected users in Russia, Brazil, and Turkey. Kaspersky warns that, given GitHub’s popularity among developers, hackers are likely to continue using fake software projects as a method of infection.

For more information on these topics, visit diplomacy.edu

Cryptocurrency sector unites after Bybit hack

Following the recent security breach at Bybit, major cryptocurrency firms have joined forces to combat the attack and mitigate its impact. Bybit’s CEO, Ben Zhou, confirmed that both centralised and decentralised finance leaders, such as Orbiter and SynFutures, quickly moved to blacklist the attacker’s addresses. Chainalysis also tracked and published wallet addresses linked to the exploit.

Blockchain security companies, including SIS and Zero Shadows, intensified efforts to block malicious transactions and trace the perpetrators, while institutional traders such as TMSI and Cumberland provided support to stabilise the market. Several DeFi protocols, including Lido Finance and Solana Foundation, also extended their assistance.

Zhou praised the swift collaboration from industry players, calling it a testament to the cryptocurrency sector’s resilience. The exchange has since launched a recovery bounty programme, offering up to 10% of recovered funds. Bybit is working hard to enhance its security infrastructure following the breach.

Investigations have pointed to North Korea’s Lazarus Group as the likely culprit behind the attack, which exploited Bybit’s Ethereum multisig cold wallet. This group is also connected to other high-profile crypto hacks, including the 2022 DMM Bitcoin exchange breach.

Hackers steal $1.5 billion in largest-ever crypto heist

Hackers have stolen $1.5 billion from Dubai-based cryptocurrency exchange Bybit in what is believed to be the largest digital heist in history. The attacker gained access to an Ethereum wallet during a routine transfer and moved the funds to an unknown address, sparking concerns across the cryptocurrency sector.

Bybit quickly reassured users that their funds remained secure, with chief executive Ben Zhou pledging to fully compensate affected customers. Despite this, the platform saw a surge of over 350,000 withdrawal requests, leading to potential delays. The company remains solvent, holding $20 billion in customer assets, and is prepared to cover losses if necessary.

The price of Ethereum briefly dipped by nearly 4% following the breach but has since stabilised. Bybit has called upon leading cybersecurity experts to assist in recovering the stolen assets, offering a reward of up to $140 million. Speculation has emerged regarding the hackers’ identity, with reports suggesting possible links to the North Korean state-sponsored Lazarus group known for previous large-scale cryptocurrency thefts.

China and North Korea-linked accounts shut down by OpenAI

OpenAI has removed accounts linked to users in China and North Korea over concerns they were using ChatGPT for malicious activities.

The company cited cases of AI-generated content being used for surveillance, influence campaigns, and fraudulent schemes. AI tools were employed to detect the operations.

Some accounts produced news articles in Spanish that criticised the US and were later published under a Chinese company’s byline. Others, potentially connected to North Korea, created fake resumes and online profiles in an attempt to secure jobs at Western firms.

A separate operation, believed to be tied to financial fraud in Cambodia, used ChatGPT to generate and translate comments on social media.

The US government has raised concerns over China’s use of AI to spread misinformation and suppress its population. Security risks associated with AI-driven disinformation and fraudulent activities have led to increased scrutiny of how such tools are being used globally.

OpenAI’s ChatGPT remains the most widely used AI chatbot, with over 400 million weekly active users. The company is also in discussions to secure up to $40 billion in funding, which could set a record for a private firm.

Australia slaps A$1 million fine on Telegram

Australia’s eSafety Commission has fined messaging platform Telegram A$1 million ($640,000) for failing to respond promptly to questions regarding measures it took to prevent child abuse and extremist content. The Commission had asked social media platforms, including Telegram, to provide details on their efforts to combat harmful content. Telegram missed the May 2024 deadline, submitting its response in October, which led to the fine.

eSafety Commissioner Julie Inman Grant emphasised the importance of timely transparency and adherence to Australian law. Telegram, however, disagreed with the penalty, stating that it had fully responded to the questions, and plans to appeal the fine, which it claims was solely due to the delay in response time.

The fine comes amid increasing global scrutiny of Telegram, with growing concerns over its use by extremists. Australia’s spy agency recently noted that a significant portion of counter-terrorism cases involved youth, highlighting the increasing risk posed by online extremist content. If Telegram does not comply with the penalty, the eSafety Commission could pursue further legal action.

Two charged after pensioner loses over £100,000 in cryptocurrency fraud

Two men have been charged in connection with a cryptocurrency fraud that saw a 75-year-old man from Aberdeenshire lose more than £100,000. The case, reported to police in July, led to an extensive investigation by officers from the north east division CID.

Following inquiries, officers travelled to Coventry and Mexborough on Tuesday, working alongside colleagues from West Midlands Police and South Yorkshire Police.

The coordinated operation resulted in the arrests of two men, aged 36 and 54, who have now been charged in relation to the fraud allegations.

Police have not yet disclosed details of how the scam was carried out, but cryptocurrency frauds often involve fake investment schemes, phishing scams, or fraudulent trading platforms that lure victims into handing over money with promises of high returns.

Many scams also exploit a lack of regulation in the digital currency sector, making it difficult for victims to recover lost funds.

Authorities have urged the public to remain vigilant and report any suspicious financial activity, particularly scams involving cryptocurrencies.

Multi-million crypto Ponzi scheme exposed by Norwegian investigators

Norwegian prosecutors have charged four individuals for their role in a massive fraud and money laundering operation that deceived thousands of victims worldwide. Authorities say the scheme collected over 900 million kroner ($86–87 million), with more than 700 million kroner laundered through a Norwegian law firm before being transferred to accounts in Asia.

The scam operated as a multi-level marketing structure, with victims recruited to buy “product packages” containing cryptocurrency and company shares. Investors were promised profits from gas fields, mining, and real estate, but investigators say no real investments were made. Instead, new deposits funded payouts to earlier investors, fitting the classic Ponzi scheme model.

Officials revealed that financial professionals, including lawyers and accountants, helped to conceal the money flow, making the fraud harder to detect. Europol has warned that financial crimes like these are a growing global threat, with fraud and money laundering acting as the driving force behind organised crime.

Despite the cross-border nature of the operation, Norwegian authorities stress that those responsible will be prosecuted, no matter where their victims are located. The case highlights the increasing use of professional services to facilitate fraud, a challenge that law enforcement agencies worldwide are struggling to tackle.

Europol chief warns trust in law enforcement at risk

Law enforcement agencies must ensure public understanding of the need for expanded investigative powers to effectively combat the increasing scale and complexity of cybercrime, Europol’s chief Catherine De Bolle stated at the Munich Cyber Security Conference.

De Bolle emphasised that cybercriminal activity is not only growing in volume but also evolving in sophistication, leveraging both traditional telecom infrastructure and advanced digital tools, including dark web marketplaces. In response, she underscored the necessity for law enforcement agencies to strengthen their technical capabilities. However, she noted that implementing large-scale investigative measures must be balanced with maintaining public confidence in state institutions.

Her remarks followed those of Sir Jeremy Fleming, former director of the UK’s cyber intelligence agency GCHQ, who spoke about the importance of maintaining public trust in intelligence operations.

De Bolle further stressed the need for stronger collaboration between government agencies, private sector entities, and international organisations to address cyber threats effectively. As cybercrime and state-sponsored cyber activities increasingly overlap, she advocated for a shift away from fragmented approaches, calling for ‘multilateral responses’ to improve collective cybersecurity readiness.

Argentine President rejects claims over LIBRA meme coin

Argentine President Javier Milei has denied endorsing the LIBRA meme coin, which recently surged in value before collapsing, leaving investors with heavy losses. He stated that he merely shared information about the token and never encouraged people to buy in. According to Milei, only a few Argentine investors were affected, with most traders coming from China and the US. He disputed reports that 44,000 people lost money, insisting the real number was closer to 5,000, primarily experienced traders who understood the risks.

Milei explained that Hayden Davis, one of LIBRA’s backers, had proposed a financial structure to support entrepreneurs struggling to secure funding. Seeing potential in the idea, he simply helped spread awareness. However, after facing political backlash, Milei admitted he must be more cautious about his public statements, acknowledging that he still acts as he did before becoming president and needs to be less accessible.

The controversy has rattled Argentina’s political and financial landscape, with opposition leaders accusing Milei of misleading the public and calling for his removal. The anti-corruption office has launched an investigation, alongside a legal probe led by Federal Judge María Servini. Meanwhile, Argentina’s financial markets took a hit, with the S&P Merval stock index dropping by 5%. Despite Milei’s insistence that he acted in good faith, scrutiny of his administration continues to intensify.

Google: Cybercrime now a national security threat, enabling state-backed attacks

A new report from Google states that cybercrime continues to expand, intersecting with state-backed cyber operations. Released ahead of the Munich Security Conference, research from Google’s Threat Intelligence Group and Mandiant outlines findings from their investigations in 2024 and trends observed over the past four years.

In 2024, Mandiant consultants responded to nearly four times as many incidents involving financially motivated actors compared to state-backed intrusions. However, the report notes that state-affiliated groups are increasingly leveraging cybercriminal tools and services, and at the same time ‘cybercrime receives much less attention from national security practitioners than the threat from state-backed groups’.

According to Google, financially motivated and state-backed cyber activities are becoming more interconnected. Cybercriminal ecosystems facilitate the acquisition of malware, vulnerabilities, and operational support, offering lower-cost alternatives to state-developed capabilities.

The report emphasises that while cybercrime and state-backed cyber operations increasingly overlap, responses to these threats require distinct strategies. Cybercrime often involves networks operating across jurisdictions, necessitating international collaboration to address its impact effectively.
