Closed Modularis1 closed 1 year ago
The Development Kit (legacy) page is also affected, and I have removed the IP-grabbing links.
Thank you @Modularis1 for fixing this! I think you caught all affected links. I set the permissions of the wiki to contributors only now.
The home page of the wiki was edited recently to contain an iplogger link, and the Development Kit page was edited to include an iplogger link and, far more concerningly, links to a fake msys2 installer uploaded to a different GitHub. This installer drops the NetSupport RAT among other nasty things for infostealing and command and control.
Likely the entire wiki needs to be reviewed for malware / malicious links - I have removed the ones that I have identified from the Home and Development Kit pages, but the correct links need to be added again (see revision history).
This situation is very concerning as anyone who downloaded and ran the fake msys2 installer linked on the development kit page now has a compromised system - the file has a large amount of padding to evade detection by AV and in my testing the default Windows Defender was not concerned by it.
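For the wiki-wide review suggested above: a GitHub wiki can be cloned as a git repository and its pages scanned for links. The following is an added example, not part of the original thread; the allowlists and sample pages are constructed assumptions. It flags links to hosts that are not allowlisted and treats github.com links under an unlisted account as untrusted, since the fake installer here was hosted on a different GitHub account.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlists for this sketch (placeholders, not the project's real policy).
# github.com is only trusted for the listed account names.
TRUSTED_HOSTS = {"www.msys2.org", "github.com"}
TRUSTED_GITHUB_OWNERS = {"example-project", "msys2"}
FILE_EXT = (".exe", ".msi", ".zip", ".7z", ".bat", ".ps1")
URL_RE = re.compile(r"https?://[^\s<>()\[\]\"']+", re.IGNORECASE)

# Constructed sample pages standing in for files from a cloned wiki repository.
SAMPLE_PAGES = {
    "Home.md": "Welcome to the wiki.\n![stats](https://logger.example.net/a1b2.png)\n",
    "Development-Kit.md": "Install [MSYS2](https://www.msys2.org/).\n"
    "[Installer](https://github.com/other-account/tools/releases/download/v1/setup.exe)\n",
}


def classify(url):
    """Return a reason string if the URL needs manual review, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in TRUSTED_HOSTS:
        return "host not on allowlist"
    if host == "github.com":
        owner = parts.path.strip("/").split("/")[0].lower()
        if owner not in TRUSTED_GITHUB_OWNERS:
            return "github.com account not on allowlist"
    return None


def audit(pages):
    """pages: {filename: markdown text}. Returns sorted (file, line, url, reason)."""
    findings = []
    for name, text in pages.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for url in URL_RE.findall(line):
                url = url.rstrip(".,;")
                reason = classify(url)
                if reason and urlsplit(url).path.lower().endswith(FILE_EXT):
                    reason += "; links to a downloadable file"
                if reason:
                    findings.append((name, lineno, url, reason))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGES):
        print(*finding, sep=" | ")
```

Running the same audit over each commit in the wiki's history shows when a flagged link was introduced and which revision still holds the correct one.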