this post was submitted on 13 May 2026

https://old.reddit.com/r/cemu/comments/1tbbusq/security_psa_linux_malware_from_cemu_official/

Windows, MacOSX and the Flatpak are unaffected.

The compromised releases are:

Cemu-2.6-x86_64.AppImage

cemu-2.6-ubuntu-22.04-x64.zip

SAFE SHA256 checksum:

Cemu-2.6-x86_64.AppImage 0c20c4aeb800bb13d9bab9474ef45a6f8fcde6402cad9b32ac2a1bbd03186313

cemu-2.6-ubuntu-22.04-x64.zip 5e4592d0dae394fa0614cb8c875eff3f81b23170b349511de318d9caf7215e1b

Infected SHA256 / Checksums:

sha256: f140e76236b96adf7cdc796227af9808665143bc674debb77729fa3e4b8327cc

sha256: d07a29c4458d00e42d5d9e6345932592e91644d6b821bacdb7a543c628e0b41a

KDE: (Right-click your Cemu AppImage -> Properties -> Checksum -> SHA256 button).

If you've run either (f140e or d07a29) to play some games or configure, you may want to consider reinstalling your system if you've got any sensitive information, passwords or any of that in use. You're most likely safe if you didn't run the infected releases, but if you've updated and run Cemu recently, you're going to want to make sure you're in the clear, because if you're not then a reinstall may not be the worst idea.

From preliminary analysis it seems that mostly it is trying to spread itself rather than cause direct damage, it does that by stealing SSH keys, github tokens and a lot of other passwords or keys that they can then use to infect more packages or software releases.

This is likely also how we got affected. The other Cemu author (MangleSpec/Petergov) ran software in WSL which was compromised through which they got hold of his github token. At least that is our leading theory.

HOWEVER if your region is Israel (it detects this via keyboard layout and timezone settings), then it will have a random chance to wipe your filesystem (subprocess.run(["rm", "-rf", "/*"])) every time you start the compromised software.

So my immediate advice is this:

Delete the compromised Cemu files (Cemu-2.6-x86_64.AppImage and cemu-2.6-ubuntu-22.04-x64.zip). Note: You are not affected if you downloaded before 6th May.

Reset all your passwords, ssh keys and service tokens

Block IP 83.142.209.194 just in case. This is hardcoded and used as a remote endpoint

Source: ExZap - https://github.com/cemu-project/Cemu/issues/1911
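
The checksum comparison above as a script, for desktops without the KDE properties dialog. This is an added example, not part of the original post or the Cemu project; the function names and the script name check_cemu.sh are hypothetical, and the hashes are the four listed in the post.

```shell
#!/bin/sh
# Added example: classify Cemu 2.6 Linux downloads by SHA-256.
# Hashes are copied from the post; function names are hypothetical.

SAFE_HASHES="0c20c4aeb800bb13d9bab9474ef45a6f8fcde6402cad9b32ac2a1bbd03186313
5e4592d0dae394fa0614cb8c875eff3f81b23170b349511de318d9caf7215e1b"
INFECTED_HASHES="f140e76236b96adf7cdc796227af9808665143bc674debb77729fa3e4b8327cc
d07a29c4458d00e42d5d9e6345932592e91644d6b821bacdb7a543c628e0b41a"

# Print infected, safe, unknown or invalid for one hex digest.
classify_hash() {
    h=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$h" in
        ""|*[!0-9a-f]*) echo invalid; return 0 ;;
    esac
    if [ "${#h}" -ne 64 ]; then
        echo invalid
    elif printf '%s\n' "$INFECTED_HASHES" | grep -qxF "$h"; then
        echo infected
    elif printf '%s\n' "$SAFE_HASHES" | grep -qxF "$h"; then
        echo safe
    else
        # Matches neither list: not proof the file is clean.
        echo unknown
    fi
}

# Hash a file from stdin so odd file names cannot alter sha256sum's output.
classify_file() {
    if [ ! -f "$1" ]; then echo missing; return 0; fi
    sum=$(sha256sum < "$1" | cut -d' ' -f1)
    classify_hash "$sum"
}

# Print a verdict per file; return 1 if any file is a known-infected build.
scan() {
    rc=0
    for f in "$@"; do
        verdict=$(classify_file "$f")
        printf '%-9s %s\n' "$verdict" "$f"
        if [ "$verdict" = infected ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: sh check_cemu.sh ~/Downloads/Cemu-2.6-x86_64.AppImage
if [ "$#" -gt 0 ]; then scan "$@"; fi
```

A verdict of unknown means the file matches none of the four hashes from the post, so it should be re-downloaded from the official release page and checked again rather than run.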
