Had this user try to do a PR on my webbian project in hopes of an auto-accept. They literally have a repo called virus. Reported, of course, but found it funny.
Had this user try to do a PR on my webbian project in hopes of an auto-accept. They literally have a repo called virus. Reported, of course, but found it funny.
I suspect that’s not the actual payload , the
anggur-repo appears to be more suspicious , might try to analyse thathere is the extracted payload : https://gist.github.com/MinekPo1/af9bfd787c35ea5ff8b22165e9a05a6d
the other mentioned repo has the same payload soooo
also : https://github.com/Kingcy78/NEW/blob/main/1#L551-L570
high quality malware !
I can’t help but wonder given the lewd imagery if the name kingcy is a play on “kinky”…
doubt it , since they shorten their username to CY78 , for example on their youtube channel profile or in the vaguely lewd unicode art
Haha, in the past IRC was the way to control puppets, now it seems Telegram is the way. 😅