Malicious URLs on Wiki

Question

Malicious URLs on Wiki

ayancey opened this issue 2 years ago · 5 comments

Hey,

It looks like multiple people are persistently changing the URL on the wiki page for Windows installation from ProxSpace to a malicious remote access trojan.

https://github.com/Proxmark/proxmark3/wiki/Windows

Someone changed the URL from https://github.com/Gator96100/ProxSpace/archive/master.zip to https://github.com/lampii/VideoCaptureUtility/releases/download/42/master.zip

The user keeps changing their name to cover up their tracks.

Answer 1 · 2022-06-19T12:12:13.000Z

@0xFFFF (owner of this repository): Would it make sense to allow Wiki changes to contributors only?

Answer 2 · 2022-06-20T21:47:05.000Z

FYI, this continues to be an issue. The attacker has gone and tried to revert the change I made, re-enabling the malicious link. https://github.com/Proxmark/proxmark3/wiki/Windows/_history

Answer 3 · 2022-06-20T22:12:01.000Z

Some maintainers of Proxmark3 need to step in ASAP, this is a joke that someone is toying with a security researcher project like this

Answer 4 · 2022-06-21T00:03:01.000Z

In response to this particular issue I have enabled:

General / Require contributors to sign off on web-based commits
General / Features / Wikis / Restrict editing to users in teams with push access only

Please inform me (just as @pwpiwi has done) if additional changes are required.

Answer 5 · 2022-06-21T00:29:01.000Z

Thank you. If anyone downloaded and ran that executable, I would highly recommend you nuke your system. The attacker got access to my password manager, and GitHub account while I was away from my computer. I opened an abuse case with GitHub to get the account terminated.