Safety warning for Binance customers and developers:
A GitHub repository utilizing the identify UNICORN-Binance-WebSocket-API isn't a authentic UBWA console.
Based mostly on the public startup path, it retrieves, decrypts, levels, and silently executes a Windows payload.
I keep the authentic UBWA challenge separately and documented the technical details here:
https://blog.technopathy.club/security-warning-fraudulent-github-repository-impersonating-unicorn-binance-websocket-api
For those who ran that repository on Windows, treat the host as probably compromised and rotate any uncovered credentials.
Edit / Update: additional evaluation indicates that that is doubtless part of a broader GitHub malware marketing campaign quite than an isolated fraudulent repository.
I at present have 19 confirmed repositories sharing the identical decoded C2, the identical staged Windows payload stream, and comparable dropper architecture.
Comply with-up evaluation:
https://blog.technopathy.club/nailproxy-space-github-malware-campaign
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments