⚠️ Urgent Security Concern: Expired domain cakes.run redirecting to known malware

[GoDjMike]

Hey @Dhravya:

The cakes.run domain and associated repos all link out to a now-expired documentation site which now redirects to various spammy URLs, the first of which I encountered that is distributing a well-known trojan. Anyone accessing related repos/docs to the Cake Cutter projects are at risk.

A WHOIS report on the domain indicates Namecheap owns it now.

---

Details

Current Issue:

• Visiting https://cakes.run and/or https://docs.cakes.run redirects to malicious sites; some are actively distributing malware.
• WHOIS lookup shows that Namecheap now owns the cakes.run domain. You can check the WHOIS record here

Affected Repositories:

• cake-cutter/cakecutter
• cake-cutter/cakes.run
• cake-cutter/cakes
• cake-cutter/old-docs
• cake-cutter/docs
• github/cake-cutter

Evidence:

• 
• 
• 
• The name of these trojans are always changing, but the delivery method is identical. For example, look at this recent version named 'Securiguard' with an identical UI/UX to 'Privacy Keeper' found on AnyRun Intel
• The specific malware, Securiguard is present in recent unrelated discussions: Malwarebytes Forum Discussion
• MSIX installer malware is increasingly common RedCanary Blog

---

Recommendation

1. Contact Namecheap:
Inform Namecheap about the misuse of the cakes.run domain using their Abuse Reporting Procedure

2. Update All Documentation Links:
In the interim, you could either remove all links or update them all. For a quick fix, just use the Web Archive URL temporarily for:

• cake-cutter/cakecutter
• cake-cutter/cakes.run
• cake-cutter/cakes
• cake-cutter/old-docs
• cake-cutter/docs
• github/cake-cutter

---

Best,
Mike