Pinokio-7.2.6-mac.zip

ZIP

BENIGN

AI Legitimate Pinokio Electron application

Mal-ecule

Size 137.0 MB download

First seen 21 days ago

Analyzed 4 days ago

Ecosystem vendor

Source github.com

Objectives

supply-chain/trojanized Node.js package targets credentials for HTTP exfiltration

supply-chain/trojanized/app Node.js package targets credentials for HTTP exfiltration

anti-static/obfuscation/eval Generic Function constructor usage

collection/activity React __reactProps$ scraping

collection/messaging Filters messages for 8 hex codes

command-and-control/backdoor/tasking JS execSync command call

command-and-control/dropper ActiveXObject in modern JavaScript (obsolete API)

credential-access/env/secrets Filters process.env for secret values

discovery/system/fingerprint Hybrid environment (Electron/NW.js) profiling with persistence

impact/wipe QNX Node process kill loop

impact/wipe/disk Wiper with HTTP callback

supply-chain/recon-exfil Writes stolen data to HTTP body

os/random Uses Alea PRNG magic constants

lang/encoded javascript code encoded in string

20 of 307 traits shown

Source	forager
Feed	pinokio
Ecosystem	vendor
Domain	pinokio.computer
URL	https://github.com/pinokiocomputer/pinokio/releases/download/v7.2.6/Pinokio-7.2.6-mac.zip

Not seeing what you expected? Let us know