Identify, analyze, and report malicious software distribution repositories masquerading as legitimate security tools
package main
import (
"fmt"
"strings"
)
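// MalwareIndicators holds the heuristics that fired for one repository.
type MalwareIndicators struct {
	// SuspiciousTopics lists every entry of dangerousTopics found in the
	// topic string, in table order.
	SuspiciousTopics []string
	// RedFlagKeywords lists every entry of crackKeywords found in the
	// description, in table order.
	RedFlagKeywords []string
	// RiskScore is an unbounded sum of per-hit weights (15 per keyword,
	// 20 per topic, 25 once if a commercial vendor is named). It is not
	// capped at 100 even though callers may print it as "<n>/100".
	RiskScore int
}

// crackKeywords are substrings whose presence in a description suggests the
// repository advertises pirated or "activated" software. Matching is plain
// substring search, so "loader" also hits "downloader" and "activation" hits
// "deactivation"; treat a hit as a signal, not proof.
var crackKeywords = []string{
	"crack", "keygen", "loader", "pre-activated",
	"license key", "activation", "full version",
}

// dangerousTopics are repository topics associated with defense evasion.
// Substring matching means "rootkit" also fires on "rootkit-remover".
var dangerousTopics = []string{
	"defender-bypass", "thread-hijacking", "rootkit",
	"exploit-mitigation",
}

// commercialVendors are security-product names commonly impersonated by
// "crack" repositories. Any one of them adds the vendor weight once.
var commercialVendors = []string{"bitdefender", "kaspersky", "norton"}

// AnalyzeRepository scores a repository from its description and topic
// string using case-insensitive substring checks against the tables above.
// It never returns an error; an empty description and topics yield a zero
// score with empty (non-nil) slices.
func AnalyzeRepository(description, topics string) MalwareIndicators {
	// Lower-case once up front rather than on every comparison.
	desc := strings.ToLower(description)
	tops := strings.ToLower(topics)

	indicators := MalwareIndicators{
		SuspiciousTopics: []string{},
		RedFlagKeywords:  []string{},
	}

	for _, kw := range crackKeywords {
		if strings.Contains(desc, kw) {
			indicators.RedFlagKeywords = append(indicators.RedFlagKeywords, kw)
			indicators.RiskScore += 15
		}
	}

	for _, topic := range dangerousTopics {
		if strings.Contains(tops, topic) {
			indicators.SuspiciousTopics = append(indicators.SuspiciousTopics, topic)
			indicators.RiskScore += 20
		}
	}

	// The vendor weight is applied at most once, however many vendors appear.
	for _, vendor := range commercialVendors {
		if strings.Contains(desc, vendor) {
			indicators.RiskScore += 25
			break
		}
	}

	return indicators
}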
// main scores one constructed sample description/topic pair and prints the
// score, the matched topics and keywords, and a warning above the threshold.
func main() {
	const (
		sampleDescription = "Bitdefender Total Security Crack License Key Pre-Activated"
		sampleTopics      = "defender-bypass thread-hijacking rootkit-remover"
	)

	res := AnalyzeRepository(sampleDescription, sampleTopics)

	fmt.Printf("Risk Score: %d/100\n", res.RiskScore)
	fmt.Printf("Suspicious Topics: %v\n", res.SuspiciousTopics)
	fmt.Printf("Red Flag Keywords: %v\n", res.RedFlagKeywords)

	// 50 is the reporting threshold used by this example; note that the
	// score produced by AnalyzeRepository is a plain sum and can exceed 100.
	if res.RiskScore >= 50 {
		fmt.Println("⚠️ HIGH RISK - Likely malware distribution")
	}
}
# Report via GitHub web interface:
# 1. Navigate to the repository
# 2. Click "⚠️" or go to repository settings
# 3. Select "Report abuse" or "Report content"
# 4. Choose category: "Malware distribution" or "Phishing"

# Or use GitHub API to gather evidence.
# GITHUB_TOKEN is read from the environment; keep it out of the command line
# and shell history. The token is only ever sent to api.github.com.
repo_api="https://api.github.com/repos/MistDuckCount/Bitdefender-Total-Security-Crack-2026"
curl -H "Authorization: token ${GITHUB_TOKEN}" "${repo_api}"
package main
import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"time"
)
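// RepoEvidence is the subset of the GitHub repository object that the report
// uses. The tagged fields are filled by CollectEvidence from the API response;
// the values are attacker-controlled text and are never sanitized here.
type RepoEvidence struct {
	Name        string   `json:"name"`
	Description string   `json:"description"`
	Topics      []string `json:"topics"`
	StarsCount  int      `json:"stargazers_count"`
	CreatedAt   string   `json:"created_at"`
	// HasReadme and HasCode carry no json tag and are not set by
	// CollectEvidence or read by GenerateReport; they stay false unless a
	// caller assigns them (encoding/json would still fill them from a
	// same-named JSON key, case-insensitively, if one were ever present).
	HasReadme bool
	HasCode   bool
}

const (
	// githubAPITimeout bounds the whole request, body read included, so a
	// stalled connection cannot hang the caller indefinitely.
	githubAPITimeout = 15 * time.Second
	// maxEvidenceBody caps how much of a response is decoded; a repository
	// object is a few KiB, so anything larger is treated as an error.
	maxEvidenceBody = 1 << 20
)

// githubClient is shared across calls so connections can be reused.
var githubClient = &http.Client{Timeout: githubAPITimeout}

// CollectEvidence fetches the repository object for owner/repo from the
// GitHub REST API. If GITHUB_TOKEN is set in the environment it is sent as a
// token Authorization header. It returns an error when either name is empty,
// the request cannot be built or sent, the status is not 200, or the body
// does not decode as JSON.
func CollectEvidence(owner, repo string) (*RepoEvidence, error) {
	if owner == "" || repo == "" {
		return nil, fmt.Errorf("collecting evidence: owner and repo must be non-empty")
	}

	// Escape each path segment so a value containing "/", "?" or ".." cannot
	// steer the request (and the token attached below) to a different API path.
	endpoint := fmt.Sprintf("https://api.github.com/repos/%s/%s",
		url.PathEscape(owner), url.PathEscape(repo))

	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		return nil, fmt.Errorf("building request for %s: %w", endpoint, err)
	}
	req.Header.Set("Accept", "application/vnd.github+json")

	// Use token from environment if available; the host above is fixed, so
	// the token is only ever sent to api.github.com.
	if token := os.Getenv("GITHUB_TOKEN"); token != "" {
		req.Header.Set("Authorization", "token "+token)
	}

	resp, err := githubClient.Do(req)
	if err != nil {
		return nil, fmt.Errorf("requesting %s: %w", endpoint, err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		// Drain a bounded amount so the connection can be reused; the error
		// body is untrusted and not worth surfacing, so the copy error is ignored.
		_, _ = io.Copy(io.Discard, io.LimitReader(resp.Body, 64<<10))
		return nil, fmt.Errorf("requesting %s: unexpected status %s", endpoint, resp.Status)
	}

	var evidence RepoEvidence
	if err := json.NewDecoder(io.LimitReader(resp.Body, maxEvidenceBody)).Decode(&evidence); err != nil {
		return nil, fmt.Errorf("decoding response from %s: %w", endpoint, err)
	}
	return &evidence, nil
}

// GenerateReport renders evidence as a fixed-layout text report. The
// INDICATORS section is static text that does not depend on evidence, so the
// function is only meaningful for a repository the caller has already judged
// suspicious. Name, Description and Topics come from the remote API and are
// inserted verbatim (newlines included), so a crafted description can add
// lines to the report; consumers should treat the result as untrusted data.
func GenerateReport(evidence *RepoEvidence) string {
	report := fmt.Sprintf(`
MALWARE DISTRIBUTION REPORT
===========================
Repository: %s
Description: %s
Topics: %v
Stars: %d
Created: %s
INDICATORS:
- Promises cracked commercial software
- Contains bypass/exploit topics
- No legitimate source code
- Artificial engagement pattern
RECOMMENDATION: Report and avoid
`, evidence.Name, evidence.Description, evidence.Topics,
		evidence.StarsCount, evidence.CreatedAt)
	return report
}
// Instead of cracked software, use legitimate alternatives: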
// SafeSecurityTools maps a tool category key to a free, legitimately
// obtainable alternative that can be suggested instead of a cracked product.
var SafeSecurityTools = map[string]string{
	"antivirus_free": "Windows Defender (built-in)",
	"firewall":       "Built-in OS firewalls",
	"malware_scan":   "Malwarebytes Free",
	"monitoring":     "Process Explorer (Sysinternals)",
}

// RecommendAlternative returns a suggestion for requestedTool. The key is
// looked up exactly (case-sensitive) in SafeSecurityTools; unknown or empty
// keys get a generic recommendation.
func RecommendAlternative(requestedTool string) string {
	alternative, known := SafeSecurityTools[requestedTool]
	if !known {
		return "Use official trial versions or open-source alternatives"
	}
	return fmt.Sprintf("Use %s instead - it's free and safe", alternative)
}
package main
import (
"regexp"
"strings"
)
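// ScanResult is the outcome of ScanRepositoryContent.
type ScanResult struct {
	// IsSuspicious is true when at least one content pattern matched. The
	// documentation check alone does not set it.
	IsSuspicious bool
	// Reasons lists the matched pattern labels in scanPatterns order,
	// followed by "insufficient_documentation" when that check fires.
	Reasons []string
	// Confidence is the fraction of scanPatterns that matched, plus 0.2 when
	// documentation is thin, clamped to 1.0.
	Confidence float64
}

// scanPattern pairs a reason label with the regexp that triggers it.
type scanPattern struct {
	reason string
	re     *regexp.Regexp
}

// scanPatterns are compiled once at package init rather than on every call,
// and kept in a slice rather than a map so Reasons come out in a stable order.
// The patterns are broad ("patch" matches any mention of patching), so a
// single hit is a weak signal.
var scanPatterns = []scanPattern{
	{"crack_mention", regexp.MustCompile(`(?i)(crack|keygen|patch|loader|activator)`)},
	{"bypass_mention", regexp.MustCompile(`(?i)(bypass|disable|remove)\s+(defender|antivirus|firewall)`)},
	{"free_premium", regexp.MustCompile(`(?i)(free|full version|premium)\s+(download|license)`)},
	{"suspicious_file", regexp.MustCompile(`(?i)\.(exe|dll|scr|bat|vbs|ps1)\s+download`)},
}

// ScanRepositoryContent matches description and readme against scanPatterns
// and checks that the readme is at least 100 bytes and mentions a license
// (case-insensitive). Empty inputs are allowed and simply fail the
// documentation check.
func ScanRepositoryContent(description, readme string) ScanResult {
	result := ScanResult{Reasons: []string{}}

	matchCount := 0
	for _, p := range scanPatterns {
		if p.re.MatchString(description) || p.re.MatchString(readme) {
			result.Reasons = append(result.Reasons, p.reason)
			matchCount++
		}
	}
	if matchCount > 0 {
		result.IsSuspicious = true
		result.Confidence = float64(matchCount) / float64(len(scanPatterns))
	}

	// Check for missing legitimate content. Lower-casing lets the
	// conventional "LICENSE" heading count as a license mention.
	if len(readme) < 100 || !strings.Contains(strings.ToLower(readme), "license") {
		result.Reasons = append(result.Reasons, "insufficient_documentation")
		result.Confidence += 0.2
	}

	// A full pattern match plus the documentation penalty would reach 1.2;
	// keep Confidence within [0, 1].
	if result.Confidence > 1 {
		result.Confidence = 1
	}
	return result
}
// Implement security checks in your CI/CD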
package main
import "fmt"
// ValidateRepository walks a fixed list of repository hygiene checks and
// returns an error naming the first one that fails, or nil when all pass.
// Every result is currently a hard-coded true, so this is a template: wire
// real checks in before relying on it in a pipeline.
func ValidateRepository() error {
	type check struct {
		name   string
		passed bool
	}

	checks := []check{
		{name: "Has LICENSE file", passed: true},
		{name: "Has source code", passed: true},
		{name: "No executable binaries", passed: true},
		{name: "Has documentation", passed: true},
		{name: "No crack/keygen mentions", passed: true},
	}

	for i := range checks {
		if checks[i].passed {
			continue
		}
		return fmt.Errorf("validation failed: %s", checks[i].name)
	}
	return nil
}