Security warning for Binance users and builders:
A GitHub repository using the name UNICORN-Binance-WebSocket-API is not a trusted UBWA console.
Based on the public startup path, it retrieves, decrypts, stages, and silently executes a Windows payload.
I maintain the legitimate UBWA project separately and documented the technical details here:
https://blog.technopathy.club/security-warning-fraudulent-github-repository-impersonating-unicorn-binance-websocket-api
If you ran that repository on Windows, treat the host as probably compromised and rotate any exposed credentials.
Edit / Update: further analysis indicates that this is probably part of a broader GitHub malware campaign rather than an isolated fraudulent repository.
I currently have 19 confirmed repositories sharing the same decoded C2, the same staged Windows payload flow, and comparable dropper structure.
Follow-up analysis:
https://blog.technopathy.club/nailproxy-space-github-malware-campaign