Had this user try to do a PR on my webbian
project in hopes of an auto-accept. They literally have a repo called virus
. Reported, of course, but found it funny.
I suspect that’s not the actual payload , the
anggur-
repo appears to be more suspicious , might try to analyse thathere is the extracted payload : https://gist.github.com/MinekPo1/af9bfd787c35ea5ff8b22165e9a05a6d
the other mentioned repo has the same payload soooo
also : https://github.com/Kingcy78/NEW/blob/main/1#L551-L570
high quality malware !
I can’t help but wonder given the lewd imagery if the name kingcy is a play on “kinky”…
doubt it , since they shorten their username to CY78 , for example on their youtube channel profile or in the vaguely lewd unicode art
... rm -rf /sdacrd/androind ...
I don’t even think this guy tested his own virus lol
maybe it was all crappy and obvious on purpose, to prove how easy it could be
True. Good way to get people to take action if you wanted the projects you’re invested secured lol.