Xavier Knol's Post

While I may publish a more complete blog post about this later, I also sent this on Twitter to make people aware of it quicker. However, I felt that I should also publish it here.

I recently came upon this post on Reddit: reddit.com/r/cybersecurity_hel

It awakened my curiosity about this user, who has quite a few repos with multiple stars: github[.]com/AppsForDesktop

Looking at their profile, I noticed various repos claiming to be desktop apps for various popular websites and apps.

When I investigated these repos in my sandboxes, I discovered they installed the file cnertucbrcaj[.]exe and performed various persistence techniques, adding several exclusions to Defender and uninstalling various Windows security components such as MRT.

After which it, of course, connected to various Monero mining pools.

Hashtags: #malware #cybersecurity #cryptominers #cybersec #securityresearch #github