Recognizes and warns about fraudulent "cracked" security software repositories that distribute malware
npx skill4agent add aradotso/security-skills malware-awareness-bitdefender-crack-fraud
Skill by ara.so — Security Skills collection.
WARNING SIGNS:
✗ Promises "cracks", "keygens", or "pre-activated" commercial software
✗ High star count with very short existence (59 stars in 14 days)
✗ No actual documentation or README
✗ Topics include "defender-bypass" and "thread-hijacking"
✗ Claims to disable security software
✗ Rapid star growth (4 stars/day) indicating bot manipulation
# Option 1: Official Bitdefender Free Edition
# Download from: https://www.bitdefender.com/solutions/free.html
# Option 2: Official Trial
# 30-day free trial: https://www.bitdefender.com/Downloads/
# Option 3: Educational/Non-Profit Discounts
# Contact Bitdefender for legitimate discounts
# ClamAV - Open source antivirus
# Installs the ClamAV scanner and its daemon with apt (Debian/Ubuntu package manager).
sudo apt install clamav clamav-daemon
sudo freshclam # Update virus definitions
# -r scans the directory recursively; add -i to list only infected files.
clamscan -r /path/to/scan
# Windows Defender (built-in on Windows 10/11)
# Free, legitimate, and effective - already on your system
# Linux Security Tools
# rkhunter and chkrootkit look for known rootkit traces; both can report false
# positives, so review a finding before acting on it.
sudo apt install rkhunter chkrootkit
sudo rkhunter --check
// Programmatic check for suspicious repositories
package main
import "strings"
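// RepoWarningFlags records which warning signs a repository's public metadata
// shows. The flags are triage heuristics: a set flag is a reason to look
// closer, not proof that the repository distributes malware, and an all-false
// result is not proof that it is safe.
type RepoWarningFlags struct {
	// HasCrackKeywords is set when the description contains a piracy-related keyword.
	HasCrackKeywords bool
	// HasBypassTopics is set when the topics string contains one of the listed topics.
	HasBypassTopics bool
	// NoReadme is never set by EvaluateRepo, whose inputs carry no README
	// information; the caller has to fill it in.
	NoReadme bool
	// HighStarVelocity is set when the repository averages more than two stars per day.
	HighStarVelocity bool
	// NoRealCode is never set by EvaluateRepo, whose inputs carry no information
	// about the repository's contents; the caller has to fill it in.
	NoRealCode bool
}

// EvaluateRepo derives warning flags from a repository's description, its
// topics (passed as one string), its star count and its age in whole days.
//
// Matching is a case-insensitive substring search, so short keywords also hit
// benign words ("loader" matches "downloader"). Only HasCrackKeywords,
// HasBypassTopics and HighStarVelocity are evaluated here.
func EvaluateRepo(description, topics string, stars, daysOld int) RepoWarningFlags {
	crackKeywords := []string{
		"crack", "keygen", "loader", "pre-activated",
		"license key", "full version", "bypass",
	}
	// NOTE(review): "exploit-mitigation" and "rootkit-remover" also describe
	// defensive tools, so expect false positives from these two entries.
	dangerousTopics := []string{
		"defender-bypass", "thread-hijacking",
		"exploit-mitigation", "rootkit-remover",
	}

	var flags RepoWarningFlags
	// Lowercase each input once instead of once per keyword.
	flags.HasCrackKeywords = containsAny(strings.ToLower(description), crackKeywords)
	flags.HasBypassTopics = containsAny(strings.ToLower(topics), dangerousTopics)

	// A negative age is invalid input and never sets the flag.
	if daysOld >= 0 {
		// A repository created today has an age of 0 whole days; count it as one
		// day so the newest repositories, where a star burst is most telling,
		// are still evaluated.
		days := daysOld
		if days == 0 {
			days = 1
		}
		// Compare by multiplication: integer division would truncate
		// 2.5 stars/day to 2 and miss the threshold.
		flags.HighStarVelocity = stars > 2*days
	}
	return flags
}

// containsAny reports whether s contains at least one of the given substrings.
func containsAny(s string, substrs []string) bool {
	for _, sub := range substrs {
		if strings.Contains(s, sub) {
			return true
		}
	}
	return false
}

// Report via GitHub CLI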
# OWNER/REPO is a placeholder. This shows the repository's description and
# README without cloning it.
gh repo view OWNER/REPO
# Use web interface to report - no direct CLI command
# Check repository age and activity
gh api repos/OWNER/REPO --jq '{created: .created_at, stars: .stargazers_count, forks: .forks_count}'
# Check repository reputation before cloning
# Never run executables from untrusted sources
# If you accidentally cloned, remove immediately
# Removing the clone only deletes its files; it does not undo anything a
# program from it already did if it was run.
rm -rf suspicious-repo/
# DO NOT run any executables
# Scan your system
clamscan -r ~/Downloads/
# Python script to check for common malware indicators
import os
import subprocess
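def check_suspicious_processes():
    """Print and return process-list lines that contain a crack-tool keyword.

    Runs ``tasklist`` on Windows and ``ps aux`` elsewhere, then does a
    case-insensitive substring search on every output line.

    This is a weak indicator only: a renamed binary is not matched, and
    short keywords also hit benign names ('patch' matches "dispatcher").
    An empty result does not show that the system is clean.

    Returns:
        list[str]: the matching lines, stripped, in output order. Each
        line is reported once even when several keywords match it.
    """
    suspicious_names = [
        'keygen', 'crack', 'loader', 'activator',
        'kms', 'patch', 'patcher'
    ]
    if os.name == 'nt':  # Windows
        command = ['tasklist']
    else:  # Unix-like
        command = ['ps', 'aux']
    result = subprocess.run(command, capture_output=True, text=True)

    matches = []
    for line in result.stdout.split('\n'):
        lowered = line.lower()
        # any() stops at the first hit, so a line matching both 'patch' and
        # 'patcher' is no longer printed twice.
        if any(name in lowered for name in suspicious_names):
            matches.append(line.strip())
            print(f"⚠️ Suspicious process found: {line.strip()}")
    return matches


# 1. Disconnect from internet immediately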
# eth0 is an example interface name; `ip link` lists the names on this machine.
# NOTE(review): ifconfig comes from net-tools, which many current distributions
# no longer install by default.
sudo ifconfig eth0 down # Linux
# or disable WiFi/Ethernet in Windows
# 2. DO NOT run any executables
# 3. Run full system scan with legitimate antivirus
# Windows Defender offline scan:
# Settings > Update & Security > Windows Security > Virus & threat protection
# > Scan options > Microsoft Defender Offline scan
# 4. Change all passwords from a DIFFERENT, clean device
# 5. Monitor financial accounts for unauthorized activity
# 6. Consider full system reinstall if executable was run
# Practice safe software installation
# 1. Only download from official sources
# 2. Verify checksums/signatures
# Example: Verifying a legitimate download
# example.com is a placeholder host.
wget https://example.com/software.tar.gz
# A checksum file served from the same host as the download detects a corrupted
# or truncated transfer, but not a compromised server: whoever can replace the
# archive can replace the .sha256 too. Where the publisher signs releases, also
# verify the signature against a key obtained through a separate channel.
wget https://example.com/software.tar.gz.sha256
# -c recomputes the hash of the file named in the .sha256 file and compares it.
sha256sum -c software.tar.gz.sha256