Skip to content

Security: Storybloq/etherhiding-detector

Security

SECURITY.md

Security Policy

Reporting a vulnerability in this tool

If you find a security issue in the scanner itself (e.g. a way to make it execute scanned content, a path-handling bug, or a crash on hostile input), please report it privately:

Please do not open a public issue for a vulnerability until it has been addressed. We aim to acknowledge reports within a few days.

Reporting malware indicators

This is a defensive tool. If you have new indicators of compromise for the EtherHiding / UNC5142 campaign (or a related build-config loader), please open a normal pull request or issue with the indicators and, ideally, a reference. Share hashes/IOCs — not live malware samples or proprietary source.

Safe-by-design

The scanner only reads files and runs read-only git commands. It never executes, evals, requires, builds, or network-fetches the code it inspects, and ships no live payloads (test fixtures are inert synthetic stand-ins). If you believe any of those properties is violated, treat it as a security issue and report it as above.

There aren't any published security advisories