|
|
|
|
|
|
by tom1337
11 days ago
|
|
|
Looking at the setup.js it seems to be an infostealer which posts the found details to a newly created github repo (on the victims account) or a command and control server. As far as I can tell it looks for github secrets and kubernetes cluster secrets. |
|
|