Had this user try to do a PR on my webbian project in hopes of an auto-accept. They literally have a repo called virus. Reported, of course, but found it funny.
Had this user try to do a PR on my webbian project in hopes of an auto-accept. They literally have a repo called virus. Reported, of course, but found it funny.
I suspect that’s not the actual payload , the
anggur-repo appears to be more suspicious , might try to analyse thathere is the extracted payload : https://gist.github.com/MinekPo1/af9bfd787c35ea5ff8b22165e9a05a6d
Haha, in the past IRC was the way to control puppets, now it seems Telegram is the way. 😅
the other mentioned repo has the same payload soooo
also : https://github.com/Kingcy78/NEW/blob/main/1#L551-L570
high quality malware !
I can’t help but wonder given the lewd imagery if the name kingcy is a play on “kinky”…
doubt it , since they shorten their username to CY78 , for example on their youtube channel profile or in the vaguely lewd unicode art