Onusman_2022-10-31_update.zip Apr 2026

Creation of keys in \Software\Onusman or similar strings.

Scans for browser extensions and local files related to cryptocurrency wallets (e.g., MetaMask, Binance).

Outbound traffic to api.telegram.org or specific suspicious IP addresses associated with "Onusman" hosting.

Data is typically compressed and sent via HTTP/HTTPS POST requests.
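One way to correlate the indicators above per host, so that a single Telegram API request on its own does not raise an alert. This is an added example, not part of the original page; the normalized event schema, the browser process list, and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: events are already normalized to dicts with the fields
# host, type, process, target, method. Real EDR/proxy schemas differ.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
# Exact key name from the page; "similar strings" need extra patterns.
REG_KEY = re.compile(r"\\Software\\Onusman", re.IGNORECASE)
WALLET = re.compile(r"metamask|binance", re.IGNORECASE)

def match_indicator(event):
    """Return the name of the page indicator this event matches, or None."""
    kind, target = event["type"], event.get("target", "")
    non_browser = event.get("process", "").lower() not in BROWSERS
    if kind == "registry_create" and REG_KEY.search(target):
        return "registry_key"
    # Wallet data read by something other than the browser itself.
    if kind == "file_read" and non_browser and WALLET.search(target):
        return "wallet_scan"
    if (kind == "http" and non_browser and event.get("method") == "POST"
            and target.lower().rstrip(".") == "api.telegram.org"):
        return "telegram_post"
    return None

def flag_hosts(events, min_hits=2):
    """Map each host with >= min_hits distinct indicators to their names."""
    hits = defaultdict(set)
    for ev in events:
        name = match_indicator(ev)
        if name:
            hits[ev["host"]].add(name)
    return {h: sorted(s) for h, s in hits.items() if len(s) >= min_hits}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "ws-01", "type": "registry_create", "process": "update.exe",
     "target": r"HKCU\Software\Onusman\cfg"},
    {"host": "ws-01", "type": "file_read", "process": "update.exe",
     "target": r"C:\Users\a\AppData\Local\Example\MetaMask\vault.json"},
    {"host": "ws-01", "type": "http", "process": "update.exe",
     "method": "POST", "target": "api.telegram.org"},
    {"host": "ws-02", "type": "http", "process": "chrome.exe",
     "method": "POST", "target": "api.telegram.org"},
    {"host": "ws-03", "type": "http", "process": "bot.exe",
     "method": "POST", "target": "api.telegram.org"},
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

Requiring two distinct indicators keeps legitimate Telegram bot traffic (ws-03 in the sample) out of the result while still surfacing the host that shows the full pattern.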