Malware being served from gitlab

joeyd1man · May 9, 2023, 5:24am

I am unsure what the correct channel is to report instances like this, but this is the one i found.

There is malware being served from:
https://gitlab.com/lksoft/movies/-/raw/main/Movies4k.rar?inline=false

the above link was found from a facebook sponsored ad:

Based on the context of the ad the file supposedly contains some explicit content. but upon downloading the file it is one enourmous .exe file which most likely is remote control software packaged into one bundle.

Please take appropriate action to this. And I apologize about this. I just didn’t find a dedicated report form in my rush.

Best of regards

Joey

iwalker · May 9, 2023, 11:45am

@dnsmichi @gitlab-greg could you take a look at this or forward to the appropriate team that would deal with blocking/removing this kind of stuff?

joeyd1man · May 9, 2023, 12:41pm

I’d be interested in knowing the proper channels to report stuff like this too. Just in case i run into similar situations in the future.

iwalker · May 9, 2023, 12:53pm

@joeyd1man I went and clicked the user making the commits on that repo and in the top right there is the option to report it. I chose the copyright option, since they could be posting downloadable content that is copyrighted, but please feel free to choose appropriate category if you believe it to be different. I then provided the link to the repo in the report and linked this forum post as well as explaining potential copyright abuse and/or posting malware.

They also have another repo sharing content as well. I haven’t found any other possibilities for reporting, other than this.

dnsmichi · May 9, 2023, 1:46pm

Thanks for flagging and reporting. I have shared it internally with the abuse team.

Reporting abuse is documented in Abuse on Gitlab.com | GitLab - for this case, an email with screenshots are potentially the most helpful.

joeyd1man · May 9, 2023, 2:02pm

I have used the report button and have mentioned the entire group lksoft · GitLab because it contained another project that seems to be related to project “movies”. The other project “product” has more explicit clues that the software being uploaded is some sort of spying software (BigSpy). I understand there is possibility for exceptions on malware research, but from what i see there are no efforts to declare that intent in the project whatsoever.

Thank you for the quick action guys.