Open ArkSeyonet opened 3 years ago
What does the malicious code execute?
We will never know what it executed. The pastebin that it executed remotely was taken down for being malicious in March 2021, and the commit (update v6) where the code was added was made on April 2021.
We believe that someone somewhere released a malicious resource that was copying the malicious code into other resources. The code is hidden when you view the code on Github until you view the raw file, then you can see it.
Interesting. Good find nonetheless, we'll see what happens with regards to updates with the repo.
This is not a bug, but there was no place else to put this information:
We at ESX Framework have been searching through code because people have been posting malicious content via that code, that links to pastebins. Most of these pastebins have been taken down for being malicious.