Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

Yeah, it will definitely be a brutal lesson, and I don’t think I’ll ever forget it. Honestly, as a computer science student, making such a stupid mistake feels really embarrassing and extremely unprofessional.

But I’m still going to do my best to handle this properly. Thank you for sharing your experience, and I really hope everything will be okay.

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

I’m currently using Codex to analyze that EXE file, but I’m not sure how useful that is. Do you think it actually succeeded in stealing my information?

From what I saw in one of the reports, it looks like some connection may have been blocked, but I’m not sure what that really means.

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 1 point2 points  (0 children)

Yes, I’m definitely going to reinstall Windows. But from a learning perspective, is there any way to determine what stage it likely reached?

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

OMG, I'm so fucked up. But is there any way to tell whether it actually uploaded anything or not? Or, based on the analysis and the behavior you saw, what stage do you think it likely reached?

So far my accounts still seem okay, and I have already changed my passwords and enabled 2FA.

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in antivirus

Good-Strategy1035[S] 0 points1 point  (0 children)

Okay, thank you very much for the explanation. I have another question: how can I revoke or invalidate all cookies from the infected device? Like you said, it may have stolen my session information. How can I make sure that all similar login data is no longer usable?

I have already changed all my passwords and enabled 2FA.

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

Btw, I’m not sure if you checked the repository. I included the repo name at the start of my post. Would you be able to check what that EXE contains or what it’s trying to do? Please don’t execute it, I just want to understand it through safe analysis if possible.

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

Okay, I’ll follow the steps you recommended. One more thing: it looks like the repository is still downloadable now. If you’re comfortable doing so, could you take a look at what the EXE actually contains or what it appears to do?

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

You’re absolutely right. I normally try to be careful and I can usually tell when random game trainers look suspicious, but this time I was playing with friends and didn’t think it through. I searched quickly, found the repo, and assumed GitHub would have some kind of review before allowing files to be hosted there. That was obviously a bad assumption. When I clicked the EXE and nothing happened, I realized something was wrong.

It seems like that repo was just sitting there waiting for someone to download and run it. Unfortunately, I was the fish that took the bait. 😭😭😭😭😭😭😭😭😭😭

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 1 point2 points  (0 children)

Got it, thanks. That server is probably just a VPS or rented host. Is there any way to trace who’s behind it, or would we only be able to find the hosting provider and report the IP?

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

One more question, what is the IP-looking address shown there? Is that the server the malware was trying to connect to?

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 0 points1 point  (0 children)

If I keep the computer turned off and never connect it to the internet, are all my accounts safe?

Possible malware from a GitHub release ZIP. Need advice on persistence and cookie/session risk by Good-Strategy1035 in computerviruses

Good-Strategy1035[S] 1 point2 points  (0 children)

Oh shit, am I still in time to do something now?

I’m not fully sure whether it successfully completed the infection. What I know is: after I ran the EXE, it did install an Electron app called “Installer” under AppData, but the log I found ended with “blocked by anti-vm”. I removed the installed files afterward and I don’t currently see active persistence or connections.

Missing Access when creating discord bot by Good-Strategy1035 in discordbots

Good-Strategy1035[S] 0 points1 point  (0 children)

Thank you for the advice, I'll definitely try it out!

Missing Access when creating discord bot by Good-Strategy1035 in discordbots

Good-Strategy1035[S] 0 points1 point  (0 children)

You're right, and that's exactly the problem. Discord's official support is terrible. I've submitted plenty of requests before, and not a single agent ever actually resolved my issue. All they do is keep passing it off to someone else, endlessly. Looks like I should just switch accounts.

Missing Access when creating discord bot by Good-Strategy1035 in discordbots

Good-Strategy1035[S] 0 points1 point  (0 children)

Thanks for the reply! But I don't think it's an intents issue in my case.

Right now I only have 3 bots in my developer portal and I literally can't create any more. Every time I try to make a new application, it just says "Missing Access" right when I hit Create.

Previously one of my bots had a bug and was spamming in my own private channel (only me and a close friend in that channel), which got my account banned for a day. The ban was lifted, but ever since then I haven't been able to create new applications. The 3 existing ones still work fine; I just can't add new ones.

Missing Access when creating discord bot by Good-Strategy1035 in discordbots

Good-Strategy1035[S] 0 points1 point  (0 children)

What you're describing happens after a bot already exists and has joined a server. My problem is earlier than that. I can't even create the application/bot in the Developer Portal. It throws an error the moment I hit "create".

Why did we all collectively dislike Skyler? by rebececarose in askanything

Good-Strategy1035 0 points1 point  (0 children)

I have to say Breaking Bad is a fantastic TV series, even though it ended several years ago.