


Open Source Malware Vector


4 replies to this topic

#1 wanderer


Posted 28 November 2018 - 05:48 PM

Cory Doctorow blogged about an open source project called event-stream being turned into a malware vector.

 

https://boingboing.n...-strangers.html

 



#2 nbohr1more


Posted 28 November 2018 - 06:25 PM

As I understand it, the target app was related to Crypto mining so the incentive to infiltrate was much higher
than with other dormant projects.

It's good that the alarm bell is being raised anyway.

#3 freyk


Posted 29 November 2018 - 01:59 AM

One of the benefits of open source is that everyone can read the code.
And there are some os projects which got and got rid of this problem.

But then again,
not everyone is a good coder who can detect this code.
And who is compiling the code...

Edited by freyk, 29 November 2018 - 02:01 AM.


#4 Abusimplea


Posted 29 November 2018 - 02:34 AM

Coders using node.js in general seem to really like to pile up a lot of dependencies - while giving a shit about devops security. Looks like shady folks stumbled upon news from 2013.
Another bad practice: Naively downloading and executing Docker images.

It is a bit like the big email worm epidemics - but for naive devs which search and download the malware instead of naive users which click on malware mailed to them.

Really wonder when we will see the first real-world Meltdown and Spectre exploits though. Does not look like anybody really cares about fixing those holes on millions of old CPUs. And some of those hardware design bugs should be exploitable by tricking a user into running JavaScript embedded on a web page or injected into it by targeted advertising...


Edited by Abusimplea, 29 November 2018 - 02:35 AM.


#5 stumpy


Posted 29 November 2018 - 04:50 AM

There's malware in adverts. You see a lot if you mod Minecraft: they use adfly as revenue when downloading a mod, and about 90 percent of adfly adverts are infected, so I use an adblocker, which blocks the malware-infected ads. They complain that I'm stopping them from gaining revenue, but what revenue are they getting from an online ad site that loads their ads with malware?





