GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Foone🏳️‍⚧️ (foone@digipres.club)'s status on Friday, 28-Mar-2025 06:56:53 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️

    they distribute some of the malware through NPM, fun!

    In conversation 5 days ago from digipres.club permalink
    • Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Foone🏳️‍⚧️ (foone@digipres.club)'s status on Friday, 28-Mar-2025 07:02:54 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️
      in reply to

      It's a npm package with no actual source that does anything, but there's a prebuild file that is an exe containing malware

      In conversation 5 days ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 28-Mar-2025 07:04:38 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      @foone Sometimes I feel like npm/pypi/… really ought to have like security researchers able to run scanners and stuff at the bunch of binaries hosted there.
      In conversation 5 days ago permalink
    • Embed this notice
      Foone🏳️‍⚧️ (foone@digipres.club)'s status on Friday, 28-Mar-2025 07:06:02 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️
      in reply to

      And the electron malware dropped an exe malware. Yay

      In conversation 5 days ago permalink
    • Embed this notice
      Foone🏳️‍⚧️ (foone@digipres.club)'s status on Friday, 28-Mar-2025 07:06:02 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️
      in reply to

      I'm gonna leave this to the kind of security researchers who get paid for this, and go help my roommate reinstall her PC and change all her passwords

      In conversation 5 days ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Foone🏳️‍⚧️ (foone@digipres.club)'s status on Friday, 28-Mar-2025 09:07:25 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️
      in reply to

      anyone an actual security researcher who knows how (and with what authority) to yell at NPM to get this taken down?

      https://www.npmjs.com/package/ilovingcats

      In conversation 5 days ago permalink
    • Embed this notice
      Foone🏳️‍⚧️ (foone@digipres.club)'s status on Friday, 28-Mar-2025 09:07:26 JST Foone🏳️‍⚧️ Foone🏳️‍⚧️
      in reply to

      So it's packaged like this:
      rar inside a rar (both passworded)
      containing an NSIS installer
      which drops and runs a copy of electron.
      the electron code is obfuscated, and encrypted. it decrypts itself on run. the encrypted code is also obfuscated.

      that JS code does most of the password stealing, but it drops an EXE file off the iwannaeatcats.com site, and sets it up to auto-run next boot. it also grabs the NPM package, for unknown reasons

      In conversation 5 days ago permalink

      Attachments


      1. Invalid filename.
      Haelwenn /элвэн/ :triskell: repeated this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.

Embed this notice