Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects.