Dismantling a Crappy Malware Operation

102 points by MrBruh, about 2 years ago

9 comments

nightpool, about 2 years ago
You mentioned they were using Dropbox to distribute the malware—did you follow up with them? What about the university?
jallasprit, about 2 years ago
I am surprised and also not surprised that they had approximately 0 OPSEC related to their hustle.
nubinetwork, about 2 years ago
Nice, but I have to wonder why GitHub acted on this so fast... I reported one account spreading Python-based malware 2 months ago and the account was still there up until last week.
quacksilver, about 2 years ago
Great work! - though the redaction of names / university is very leaky if that is a concern (particularly if you have some knowledge of common Vietnamese naming patterns)
atsushin, about 2 years ago
Really fun analysis, wasn't aware that Python scripts could be packaged into an executable until now, learned something new. Thanks for sharing!
voiper1, about 2 years ago
Incredible detective work!
Why would discord let anyone delete a webhook?
I'd think anyone can post to the webhook, but you need to be authorized to modify it.
juunpp, about 2 years ago
Did they have "malware development and distribution" on their resume?
charcircuit, about 2 years ago
As mentioned in the article, anyone can delete a malicious webhook.
https://webhooks.scam.gay/ is a site that makes it easy to do for people who want a tool to do it for them.
b1c1jones, about 2 years ago
Great work!