this post was submitted on 15 Jun 2024
178 points (95.9% liked)

Linux

5324 readers
229 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
top 22 comments
sorted by: hot top controversial new old
[–] stevedidwhat_infosec@infosec.pub 119 points 5 months ago

Tl;Dr new Linux malware specific to a flavor used by the Indian government uses emojis as a c2 comms path

[–] s38b35M5@lemmy.world 61 points 5 months ago (3 children)

The joke's on you, malware devs! I never use Discord, and never did on my Linux machines.

[–] joyjoy@lemm.ee 28 points 5 months ago (1 children)

And it targets the BOSS environment, which is used by Indian officials.

[–] TheImpressiveX@lemmy.ml 29 points 5 months ago (1 children)

BOSS environment

Bee Open Source Software?

[–] sorghum@sh.itjust.works 12 points 5 months ago

We talking about software for Haiku?

[–] RonSijm@programming.dev 20 points 5 months ago

I would assume this just relies on the Discord API being read by the bot - and not on having a local discord installed...

[–] devfuuu@lemmy.world 9 points 5 months ago (1 children)

Let's see if the flatpak ideas about sandboxing being pushed down our throats actually prevent these abuses or not...

[–] MinusPi@pawb.social 6 points 5 months ago (2 children)

I'm honestly so sick of everything being sandboxed. The security is not worth the hassle.

[–] Redjard@lemmy.dbzer0.com 16 points 5 months ago (2 children)

More so, if it is easily sandboxed, it should just be a webapp. Which discord already is.
Just use the website.

Browsers are already easily themed, have plenty of tools to change deeper functionality, and are way more sandboxed than any other app packaging ecosystem.

[–] photonic_sorcerer@lemmy.dbzer0.com 4 points 5 months ago (1 children)

I tried that, but I had problems with my audio setup every time I used it.

[–] balder1993@programming.dev 3 points 5 months ago

That’s a good argument.

[–] Vilian@lemmy.ca 2 points 5 months ago (1 children)
[–] MinusPi@pawb.social 15 points 5 months ago (1 children)

Everything is ever so slightly broken in a way that I just can't ignore. Personalization doesn't quite work. Permissions are overwhelming and usually lead to silent failures. Integration with the rest of the system is weak at best.

[–] Vilian@lemmy.ca 0 points 5 months ago (1 children)

so problems from programs that don't support flatpak, not flatpak fault, because everything you said is supported

Everything is ever so slightly broken in a way that I just can't ignore.

this isn't even caused by flatpak, it's the app fault

[–] MinusPi@pawb.social 3 points 5 months ago

I don't care whose fault it is, it's obnoxious and I don't want to bother with it. Lately though, it seems like everything is only being released as a flatpak app despite those issues.

[–] Catoblepas@lemmy.blahaj.zone 20 points 5 months ago (2 children)

Asking as someone who is absolutely not tech proficient compared to most lemmy users: is this a vulnerability with Linux or Discord specifically, or is this something that could be carried out on any OS/messenger if the computer was infected?

[–] HuntressHimbo@lemm.ee 40 points 5 months ago (1 children)

From the article, it sounds as though this isn't something a normal user should be worried about. They said the security researched believe it targets a Linux distribution used by the Indian government, and the phishing/malicious links seem intended to target Indian officials.

[–] homesweethomeMrL@lemmy.world 14 points 5 months ago

According to Volexity, the malware was discovered after the researchers spotted a UPX-packed ELF executable in a ZIP archive, likely distributed through phishing emails. Volexity believes that the malware targets a custom Linux distribution named BOSS that Indian government agencies use as their desktop.

I use Arch, btw. /s

[–] NateSwift@lemmy.dbzer0.com 31 points 5 months ago

It looks like there isn’t a vulnerability at all. Just a malware executable disguised as a pdf in a zip file that uses discord as a communication method

[–] Blaze@lemmy.zip 5 points 5 months ago

Interesting, thanks!

[–] Mikufan@ani.social 0 points 5 months ago

Sounds like you need to specifically target people. And discord doesn't run on my Mashine... My firewall furthermore blocks everything not allowed specifically or from system.

So... Eh. Would be worse if it was TeamSpeak.