Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.
  • Onno (VK6FLAB)@lemmy.radio
    4·
    3 days ago

    There’s a reason why there’s only privileged write access to /dev/sda.

    If you run unknown software as root on any computer you get to experience first hand the impact of: “fuck around and find out”.

    • Dumhuvud@programming.devEnglish
      2·
      2 days ago

      I mean, you can destroy users’ data by doing the equivalent of:

      find "$HOME" -type f -delete

      No idea why they decided to write to /dev/* directly.

      • ulterno@programming.devEnglish
        0·
        7 hours ago

        Can’t delete a drive that I haven’t mounted! :catch_me_if_you_can_vibes:

        But if I haven’t mounted it, why is it connected in the first place? idk

  • pelya@lemmy.world
    4·
    3 days ago

    Ain’t no way mah C++ modules deliver any of them malware.

    because

    C++ got no fancy-shmancy modules, got ya!