Is this satire or

You’ve discovered an artifact!! Yaaaay

If you ask GPT to do this in a more math questiony way, itll break it down and do it correctly. Just gotta narrow top_p and temperature down a bit

That’s… impossible…

…ITS OVER NINE THOUSANDDDDDD

Don’t forget mobile device zero days via text

Not at all what I meant. The premise was that this wouldn’t happen if they were being paid fairly. Supply chain attacks happen with or without fair pay.

Look at what happened with the XZ backdoor. Whether or not they’re getting paid just means a different door is opened.

The root of the problem is that we blindly trust anyone based on name-brand and popularity. That has never in the existence of technology been a reliable nor an effective means of authentication.

If it’s not outright buying out companies it will be vulnerabilities/lack of appropriate management, if it’s not vulns it’ll be insider threat.

These are problems we’ve known about for at least a decade+ and we’ve done fuck all to address the root of the problem.

Never trust, always verify. Simple as that.

… he made plenty off the product and made additional when he sold. Devs ability to make money has nothing to do with companies coming in and injecting malware to the service.

Any threat actor group with sufficient funds from various campaigns, spyware, etc could use said funds to buy out a dev, owner, etc.

Not to mention state-sponsored threat actors. This is the perfect example of distracting from the fact of what happened.

Good catch! Missed that one

For anyone interested - I’d you are using umatrix to block shit you can punch these lines into a new text file and import as blocklist, then commit it with the tiny arrow that points left toward the permanent list to save it permanently:

* www[.]googie-anaiytics[.]com * block

* kuurza[.]com * block

* cdn[.]polyfill[.]io * block

* polyfill[.]io * block

* bootcss[.]com * block

* bootcdn[.]net * block

* staticfile[.]org * block

* polyfill[.]com * block

* staticfile[.]net * block

* unionadjs[.]com * block

* xhsbpza[.]com * block

* union[.]macoms[.]la * block

* newcrbpc[.]com * block

Remove the square brackets before saving the file - these are here to prevent hyperlinks and misclicks.

Edit: this is not a bulleted list, every line must start with an asterisk, just in case your instance doesn’t update edits made to comments quickly.

Edit2: added new IOCs

Edit3: MOAR IOCS FOR THE HOARDE

This has almost nothing to do with what you’re talking about.

A Chinese company bought the domain and the service in February and are attacking people in highly specific conditions. (Mobile devices at specific times)

This is an attack. Not negligence, not an uh oh oopsie woopsie fucky wucky. Attack.

Intuit uses pollyfill… and a lot of people use that service.

Cloudflare and fastly wouldn’t be setting up mirrors if it weren’t still being used, I can guarantee that.

.

Tl;Dr new Linux malware specific to a flavor used by the Indian government uses emojis as a c2 comms path

Nice. So trying to look at this rom under the hood causes a device wipe? Am I understanding that right?

Sounds like fucking malware/spyware if you ask me.

Could be. However, the point stands, you’re gonna get what you pay for in the end. Not trying to be a dick ofc, but that’s the reality.

There are some well performing options that are free, but they are limited, and not too common imo

If anyone does have some good options, feel free to share as I may be unaware of them and think learning about them would be neat

I’m still waiting for modular phones to be more mainstream. Tired of the ewaste. Tired of the anti consumer practices. Tired of planned obsolescence.

And you got what you paid for, no?

I believe there is a free version as well but don’t think just because you’re installing Linux that you’re somehow safer.

There was just a package that was essentially socially engineered into by a hacker, who then had full access to everyone’s shit.

All because a GitHub author was pressured into letting them contribute to code. Mac/Apple are no different and starting to be more and more vulnerable as the “security by obscurity” wears off.

Free tools are fine and well, but that stuff is done for free. Including maintainence and everything else. In times like these, ain’t nobody got time for that anymore. People need to make a living and you will see degradation in the products thusly

I’ll also toss this hat into the ring - sysmon this is essentially a logging tool thats a bit better/nicer than the windows default, and categorizes all logs into very neat buckets that will make watching out for strange shit much much easier.

Sysmon is part of the sysinternals suite (vetted by the community + microsoft, which is sayin somethin lol) and you can make use this as the config file to use (Uses industry-standard MITRE Att&ck framework) which you can then use to correlate to more threats/malware authors/malware artifacts if you really wanna get your hands dirty/have some fun

Windows defender also has an offline scan mode which may be of use here - hard to say, dunno if they ever dropped a rootkit or any other av-dodging/persistence mechanisms

Bitdefender usually goes on sale too - check for coupon codes, don’t pay full price. Plus you get like 5 devices with your license IIRC. Worth a shot

Here’s probably all the info you could ever need:

https://redcanary.com/blog/threat-intelligence/raspberry-robin/

Next, you need to get your systems scanned and cleaned. Malware bytes is likely enough, but I always recommend BitDefender. Their efficacy rates are always fantastic, and they have been leading the industry for several years now. Download the AV on a clean system, put on clean flash drive, and install that way.

Last, you’re gonna need to reset your passwords. Yes, I know that’s toxic af. But this is the reality and why we always need to be veeeery careful with what we do. This worm communicates with a c2 server which means it can update itself which makes detection hard, and it also means that, at one point it may have been spying on your activity (and it likely was if not continues to)

This stuff happens, don’t beat yourself up too much. Live and learn