Malicious actors are making hundreds of fake projects on GitHub aiming to snare private info through crypto and credential-stealing malware, says Kaspersky.