MS-Framework icon indicating copy to clipboard operation
MS-Framework copied to clipboard
verified publisher icon morais5

Hidden Malicious Code

Open ArkSeyonet opened this issue 4 years ago • 3 comments

This is not a bug, but there was no place else to put this information:

image

We at ESX Framework have been searching through code because people have been posting malicious content via that code, that links to pastebins. Most of these pastebins have been taken down for being malicious.

ArkSeyonet avatar Jun 18 '21 13:06 ArkSeyonet

What does the malicious code execute?

ApolloStudios0 avatar Jun 19 '21 23:06 ApolloStudios0

We will never know what it executed. The pastebin that it executed remotely was taken down for being malicious in March 2021, and the commit (update v6) where the code was added was made on April 2021.

We believe that someone somewhere released a malicious resource that was copying the malicious code into other resources. The code is hidden when you view the code on Github until you view the raw file, then you can see it.

ArkSeyonet avatar Jun 20 '21 03:06 ArkSeyonet

Interesting. Good find nonetheless, we'll see what happens with regards to updates with the repo.

ApolloStudios0 avatar Jun 23 '21 10:06 ApolloStudios0