BetPoker: Credential-Gated JavaScript RAT with Dual Delivery Routes in a Web3 Assessment Repository
“The table is set like an altar, and whoso sits there is counted among the damned.” Executive Summary A threat actor operating under the GitHub organisation LimitBreakOrgs used a repository named bet_ver_1, publicly described as “BetPoker”, as a malicious Web3 gaming assessment project. The organisation name appears designed to resemble limitbreakinc, the legitimate GitHub organisation associated with Limit Break Inc., a Web3 gaming company. The preserved repository presents as a Web3 poker and sports betting platform and contains two independent execution routes: one through a VS Code folder-open task, and one through backend startup via npm start. ...