A Mini Shai-Hulud Has Appeared: Dissecting a Multi-Vector npm Supply Chain Worm
TL;DR: [email protected] is malicious. It uses Bun runtime smuggling for EDR evasion, scrapes GitHub Actions runner memory for secrets, harvests credentials from every major cloud provider and secrets management system, exfiltrates through RSA-4096 encrypted channels, injects a secret-dumping GitHub Actions workflow disguised as Dependabot, poisons every branch of compromised repos with files disguised as Claude […]
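A defender-side check for the injected workflow described above, as an added example that is not code from the original write-up. It assumes, since the page does not show the workflow, that "secret-dumping" means serializing the whole `secrets` context with the GitHub Actions expression `toJSON(secrets)`; the function names, finding labels and sample workflows are constructed for illustration.

```python
import re

# Assumption: dumping is detected as an expression that serializes the entire
# secrets context, rather than reading one named secret.
SECRETS_DUMP = re.compile(
    r"\$\{\{[^}]*\btoJSON\s*\(\s*secrets\s*\)[^}]*\}\}", re.IGNORECASE)
LOOKALIKE = re.compile(r"dependabot", re.IGNORECASE)
# Top-level workflow name only; step names are indented and do not match.
NAME_LINE = re.compile(r"^name:\s*(.+?)\s*$", re.MULTILINE)


def audit_workflow(path, text):
    """Return finding labels for one file under .github/workflows/."""
    findings = []
    if SECRETS_DUMP.search(text):
        findings.append("serializes-entire-secrets-context")
    match = NAME_LINE.search(text)
    display_name = match.group(1).strip("'\"") if match else ""
    # Dependabot itself is configured in .github/dependabot.yml, so a workflow
    # that borrows the name deserves a look at who added it and when.
    if LOOKALIKE.search(path) or LOOKALIKE.search(display_name):
        findings.append("dependabot-lookalike-workflow")
    return findings


def severity(findings):
    """Rank findings: the name alone is weak, the combination is strong."""
    dump = "serializes-entire-secrets-context" in findings
    lookalike = "dependabot-lookalike-workflow" in findings
    if dump and lookalike:
        return "high"
    if dump:
        return "medium"
    return "low" if lookalike else "none"


# Constructed sample inputs (not taken from the malicious package).
SUSPICIOUS = """name: Dependabot Updates
on: push
jobs:
  update:
    runs-on: ubuntu-latest
    env:
      ALL: ${{ toJSON(secrets) }}
    steps:
      - name: placeholder
        run: echo placeholder
"""
BENIGN = "name: CI\non: push\njobs:\n  t:\n    env:\n      T: ${{ secrets.NPM_TOKEN }}\n"
```

Run it over every branch, not just the default one, since the page states that compromised repositories have all branches poisoned.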