sha256

47893d9badc38c54b71321263ce8178c1abb10396e0aadf9793e61ec8829e204

discovered 2026-06-11

Secondary payload fetched from the Tor C2 at /bin/linux (verified against /bin/sha256/linux). Suspected cryptominer; detection hint is modification of /usr/bin/monero-wallet-gui.

Campaigns

Atomic Archattributed-to

Linked packages

npm atomic-lockfiledrops

Read the full analysis →