report-malicious-repository
Report Malicious Repository
⚠️ WARNING: This Repository is Malicious
The project DragonflyTomb/Avast-Premium-Security-2026 is NOT legitimate software. This is a malicious repository designed to distribute malware or trojans, or to carry out phishing attacks, by:
- Claiming to offer "cracked" or "pre-activated" commercial software
- Including terms like "keygen", "loader", "serial" in the description
- Impersonating legitimate security software (Avast)
- Using deceptive tactics (fake stars, professional-looking descriptions)
Identifying Malicious Repositories
Red Flags
- Piracy Keywords: keygen, crack, loader, serial, pre-activated, license key
- Too Good to Be True: Free versions of expensive commercial software
- Suspicious Topics: Mixing legitimate topics (retdec) with piracy terms
- No Source Code: Empty or minimal repository with download links
- Recent Creation: New accounts with inflated star counts
- Impersonation: Using brand names (Avast, Norton, etc.) without authorization
Analysis Pattern
```go
package main

import (
	"strings"
)

// RepoAnalysis is the result of scoring a repository's metadata.
type RepoAnalysis struct {
	IsSuspicious bool
	RedFlags     []string
	RiskLevel    string
}

// AnalyzeRepository scores repository metadata against the red flags above.
// topics is a space-separated topic list; age is the repository age in days.
func AnalyzeRepository(description, topics string, hasReadme bool, age int) RepoAnalysis {
	analysis := RepoAnalysis{
		RedFlags: []string{},
	}

	suspiciousKeywords := []string{
		"keygen", "crack", "loader", "serial", "pre-activated",
		"license key", "full version", "premium", "activation",
	}

	// Search the description and the topics together, case-insensitively.
	text := strings.ToLower(description + " " + topics)

	// Check for piracy keywords
	for _, keyword := range suspiciousKeywords {
		if strings.Contains(text, keyword) {
			analysis.RedFlags = append(analysis.RedFlags, "Piracy keyword: "+keyword)
			analysis.IsSuspicious = true
		}
	}

	// Check for brand impersonation
	brands := []string{"avast", "norton", "mcafee", "kaspersky", "bitdefender"}
	for _, brand := range brands {
		if strings.Contains(text, brand) {
			analysis.RedFlags = append(analysis.RedFlags, "Brand impersonation: "+brand)
		}
	}

	// Check for missing README
	if !hasReadme {
		analysis.RedFlags = append(analysis.RedFlags, "No README file")
		analysis.IsSuspicious = true
	}

	// Check repository age (the star count is not available to this function)
	if age < 14 {
		analysis.RedFlags = append(analysis.RedFlags, "Suspiciously new repository")
	}

	// Determine risk level from the number of red flags
	if len(analysis.RedFlags) >= 3 {
		analysis.RiskLevel = "CRITICAL"
	} else if len(analysis.RedFlags) >= 2 {
		analysis.RiskLevel = "HIGH"
	} else if analysis.IsSuspicious {
		analysis.RiskLevel = "MEDIUM"
	} else {
		analysis.RiskLevel = "LOW"
	}
	return analysis
}
```

Reporting Malicious Repositories
GitHub Reporting Process
- Navigate to the repository
- Click the repository name to go to the main page
- Look for the three dots menu (⋯) or scroll to bottom
- Select "Report repository" or visit:
https://github.com/contact/report-content
Report Template
```text
Repository: [USERNAME/REPO-NAME]
Issue Type: Malware/Phishing/Copyright Infringement

Description:
This repository is distributing malicious software disguised as cracked/pirated
commercial antivirus software. It contains:
- Claims of "keygen", "pre-activated", "license key" for Avast Premium Security
- No legitimate source code
- Impersonation of Avast brand
- Likely contains malware, trojans, or ransomware

Evidence:
- Repository description contains piracy keywords
- No README or source code provided
- Uses deceptive branding

Requested Action: Immediate takedown and account suspension
```

Automated Reporting Script
```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strings"
	"time"
)

// GitHubReport mirrors the fields of a manual abuse report. It is not sent
// anywhere: GitHub has no public API for abuse reports.
type GitHubReport struct {
	Subject     string `json:"subject"`
	SubjectType string `json:"subject_type"`
	Message     string `json:"message"`
}

func ReportToGitHub(repoFullName, reason string) error {
	// NOTE: GitHub doesn't have a public API for abuse reports.
	// This is a conceptual example - actual reporting must be done via the web form.
	reportURL := "https://github.com/contact/report-content"
	fmt.Printf("⚠️ MALICIOUS REPOSITORY DETECTED\n")
	fmt.Printf("Repository: %s\n", repoFullName)
	fmt.Printf("Reason: %s\n\n", reason)
	fmt.Printf("Please report manually at: %s\n", reportURL)
	fmt.Printf("Include repository URL and reason above.\n")
	return nil
}

// githubGet issues an authenticated GET against the GitHub REST API.
func githubGet(url, token string) (*http.Response, error) {
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	req.Header.Set("Accept", "application/vnd.github+json")
	client := &http.Client{Timeout: 15 * time.Second}
	return client.Do(req)
}

// ScanRepository scans repository metadata for red flags.
func ScanRepository(owner, repo string) error {
	githubToken := os.Getenv("GITHUB_TOKEN")
	if githubToken == "" {
		return fmt.Errorf("GITHUB_TOKEN environment variable required")
	}
	url := fmt.Sprintf("https://api.github.com/repos/%s/%s", owner, repo)
	resp, err := githubGet(url, githubToken)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("GitHub API returned %s", resp.Status)
	}

	// description is null for repositories without one, so decode into a
	// pointer instead of type-asserting a string (which would panic).
	var repoData struct {
		Description *string   `json:"description"`
		Topics      []string  `json:"topics"`
		CreatedAt   time.Time `json:"created_at"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&repoData); err != nil {
		return err
	}
	description := ""
	if repoData.Description != nil {
		description = *repoData.Description
	}

	// The README endpoint answers 404 when the repository has no README.
	readmeResp, err := githubGet(url+"/readme", githubToken)
	if err != nil {
		return err
	}
	readmeResp.Body.Close()
	hasReadme := readmeResp.StatusCode == http.StatusOK

	// Pass the real README state and age in days; fixed values here would
	// add two red flags to every repository and rate all of them HIGH.
	ageDays := int(time.Since(repoData.CreatedAt).Hours() / 24)
	analysis := AnalyzeRepository(description, strings.Join(repoData.Topics, " "), hasReadme, ageDays)
	if analysis.RiskLevel == "CRITICAL" || analysis.RiskLevel == "HIGH" {
		fmt.Printf("🚨 ALERT: %s risk repository detected!\n", analysis.RiskLevel)
		for _, flag := range analysis.RedFlags {
			fmt.Printf(" - %s\n", flag)
		}
		return ReportToGitHub(owner+"/"+repo, "Malware distribution")
	}
	return nil
}
```

Protection Measures
For Developers
```go
package main

import "strings"

// ValidateDependency reports whether repoURL passes a basic keyword check.
// Add to your dependency scanning. Only the URL text is inspected here; the
// remaining checks are not implemented in this snippet:
//   - Check against known malware lists
//   - Verify package signatures
//   - Analyze repository metadata
func ValidateDependency(repoURL string) bool {
	blacklist := []string{
		"keygen", "crack", "loader", "premium-loader",
	}
	lowerURL := strings.ToLower(repoURL)
	for _, term := range blacklist {
		if strings.Contains(lowerURL, term) {
			return false
		}
	}
	return true
}
```

For Organizations
- Block suspicious patterns in CI/CD
- Implement dependency scanning tools
- Educate developers about social engineering
- Use verified sources only (official registries)
Common Attack Patterns
- Typosquatting: Similar names to legitimate projects
- Brand Impersonation: Using well-known software names
- SEO Manipulation: Keyword stuffing for search visibility
- Social Engineering: Fake stars, professional appearance
- Trojan Distribution: Executable files disguised as installers
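
The keyword checks earlier on this page do not catch typosquatting or brand impersonation by near-identical names. As an added example (not code from the original page), the following flags an `owner/repo` name that is within a small edit distance of an allowlisted project; the `trusted` list, the `LookalikeOf` function and the threshold of 2 are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

var trusted = []string{"avast/retdec", "golang/go"} // constructed allowlist (assumption)

// editDistance returns the Levenshtein distance between a and b.
func editDistance(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur := append([]int{i}, make([]int, len(rb))...)
		for j := 1; j <= len(rb); j++ {
			cur[j] = prev[j-1] // substitution, free when the runes match
			if ra[i-1] != rb[j-1] {
				cur[j]++
			}
			for _, alt := range []int{prev[j] + 1, cur[j-1] + 1} { // deletion, insertion
				if alt < cur[j] {
					cur[j] = alt
				}
			}
		}
		prev = cur
	}
	return prev[len(rb)]
}

// LookalikeOf returns the trusted name candidate imitates, or "" if it is trusted or unrelated.
func LookalikeOf(candidate string, maxDist int) (hit string) {
	for _, t := range trusted {
		if d := editDistance(strings.ToLower(candidate), t); d == 0 {
			return "" // exact match: this is the real project
		} else if d <= maxDist {
			hit = t
		}
	}
	return hit
}

func main() {
	fmt.Printf("%q %q\n", LookalikeOf("avast/retdecc", 2), LookalikeOf("example/unrelated", 2))
}
```

Short allowlist entries produce more false positives at a fixed threshold, so scale `maxDist` to the name length before using a check like this as a CI gate.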
Legitimate Alternatives
For actual Avast software:
- Official website: https://www.avast.com
- Official GitHub (if any): Verify through company website
- Licensed purchases only through authorized channels
Resources
- GitHub Abuse Report: https://github.com/contact/report-content
- DMCA Takedown: https://github.com/contact/dmca
- US-CERT: https://www.cisa.gov/report
- Anti-Phishing Working Group: https://apwg.org/reportphishing/
Remember: Never download "cracked" or "pre-activated" security software. It ALWAYS contains malware.