Xavier Knol :verified_paw: :donor:


Contacting Xavier Knol :verified_paw: :donor:

Federation handle:

@XEJKnol@infosec.exchange

Xavier Knol :verified_paw: :donor:'s Information

Xavier Knol :verified_paw: :donor:'s Bio

Hello I am Xavier and welcome to my profile.

My interests include:

Disclaimer: Views expressed are my own and do not represent those of my employer.

infosec.exchange donor :donor:

Xavier Knol :verified_paw: :donor:'s Posts

Xavier Knol :verified_paw: :donor: has 2 posts.


Pinned

Xavier Knol :verified_paw: :donor:

While I may publish a more complete blog post about this later,
I also sent this on Twitter to make people aware of it more quickly.
However, I felt that I should also publish it here.

I recently came upon this post on reddit: reddit.com/r/cybersecurity_hel

Which awakened my curiosity about this user, who has quite a few repos with multiple stars: github[.]com/AppsForDesktop

Looking at their profile, I noticed various repos claiming to be desktop apps for various popular websites and apps.

When I investigated these repos in my sandboxes, I discovered they installed the file cnertucbrcaj[.]exe and performed various persistence techniques,
adding several exclusions to Defender
and uninstalling various Windows security components such as MRT.

After which it, of course, connected to various Monero mining pools.


Tags: #malware #cybersecurity #cryptominers #cybersec #securityresearch #github


Likes: 0

Replies: 0

Boosts: 0


Xavier Knol :verified_paw: :donor:

In response to this post

@gsuberland it has really gone downhill the past couple of years, unfortunately.


Mentions: @gsuberland@chaos.social


Likes: 0

Replies: 0

Boosts: 0
