😠 Hopefully shining a light on the repository will help others to also report the user accounts and have GitHub do something.

Update: It worked! The account is now down 🥲👏

@@cyberraiju yeah i had to report myself and make few others report it

@@cyberraiju someone else has done a deep investigation into this. Phantom Overlay forums has the investigation and info public on their site

Targeted at stealing gamers logins to sell

What new API are you referring to here? I wasn't aware that ntresumethread was a deprecated API. I will generally use breakpoints on APIs I believe are being used by the malware, regardless of whether they're deprecated or not.

@@cyberraiju I was just wondering why you used native APIs for your breakpoints (ie the one starting with NT or Zw) and not high level APIs like VirtualAllocEx for example?

@@jaylal4899 oh right, my logic here was that I didn't see the high level API present in the IAT, so I figured maybe it was being imported using LoadLibrary at runtime or was using another method that would inevitably call the Native API to perform injection anyway. I could be completely off base here but I figured a breakpoint on the Native API would still work because ntdll.dll is always loaded at runtime, so it would know where that breakpoint needed to be, whereas a higher level API may not have been loaded yet or may be being referenced indirectly so attempting to put a breakpoint on that API would would cause my debugger to fail to identify where to put the breakpoint. I hope that makes sense. I'm not sure if this is a logical way of thinking or not to be honest, but it seems to be working for me 😅

Thankyou! I do make the memes 😅. Technically imgflip does the creation, I'm just telling it what meme, text, and formatting I'd like 😂

Yeah. Sometimes they do steal metadata from legitimate software, but at the end of the day it's the internet and it's just full of sharks which is a constant battle of moderating malware distribution 😔

10 internet points for you!

It’s a group of people not one person

@@ICD753 i think it was one who posted it? idk i think im retarded anyways))