I downloded this program : https://github.com/githuob/SpyNote-v6.5-Cracket-2020
when i’d run AndroidTester_v6.4.6.exe this program MpCmdRun2.exe will be creted in TEMP and used a TCP connection “22.214.171.124”
so why it used TCP connection
is it a Payload Trojan for hack people ??
Thanks for letting us know! I’ve passed your report on to be investigated.
Moved this thread to Uncategorized, as there isn’t any relation to GitHub Actions.
I thought that you would move to stop the virus, my device and many others devices where hacked because of your platform and did not move yet !!
at first, i throught that you as programmers would check any program that might be uploaded before make it public
i detected also an injection in my /RUN/ in registry for run the trojan
i don’t know how to check the memory process maybe the payload injected in my memory
This is being investigated. I’m afraid these do take some time.