Security warning for Binance customers and developers:
A GitHub repository using the identify UNICORN-Binance-WebSocket-API isn't a authentic UBWA console.
Based mostly on the general public startup path, it retrieves, decrypts, levels, and silently executes a Windows payload.
I keep the authentic UBWA challenge separately and documented the technical particulars here:
https://blog.technopathy.club/security-warning-fraudulent-github-repository-impersonating-unicorn-binance-websocket-api
For those who ran that repository on Windows, treat the host as probably compromised and rotate any uncovered credentials.
Edit / Update: additional evaluation signifies that this is probably part of a broader GitHub malware marketing campaign relatively than an isolated fraudulent repository.
I at present have 19 confirmed repositories sharing the same decoded C2, the same staged Home windows payload move, and comparable dropper structure.
Comply with-up analysis:
https://blog.technopathy.club/nailproxy-space-github-malware-campaign
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments