ooooâŚHire me as a cheap IT lackie⌠
I would love to know what goes on in US government security
Right now? Absolutely NOTHING, nothing at all is going on in U.S. government security.
Hopefully one WITHOUT all the digital copy protection CRAP.
Now if they would completely abandon Manifest v3.
Now I know about a threat that I cannot eliminate or detect.
IDA is quite expensive and uses annual licenses.
Appendix
The deobfuscation tool below emulates the string decryption routine using Unicorn within IDA Pro 9 and Python >= 3.10. Decrypted strings are automatically annotated. The sample is not debugged but emulated, that guaranties safe usage on multiple platforms.
This exploits an SSH vulnerability, another justification for never having any form of remote access enabled on my systems. Call me paranoid, but too many vulnerabilities exploit these types of services that I have no real need to have permanently enabled on my systems. For security reasons, since my first computer purchase I have never left any remote desktop software enabled on any of my machines.
I have SSH enabled on three devices. However, access is only possible within the LAN. I have never allowed access from outside in the past and never will in the future.
I fear that we will unfortunately have to get used to such things and increasing malware on Linux.
It may be necessary to have sha checks on package files that arenât being changed, during updates (removes the obvious changing of local DB values) and flag any unknown files outside of /var, /home, and /opt, going forward. Do, âimmutable,â distros also get infected?
Flameshot v13.0.0 ()
Compiled with Qt 6.9.1
linux: 6.15.9-zen1-1-zen
garuda: unknown <â 
It is unclear from the article whether having sshd enabled is a requirement for the backdoor to work, nor does it mention the distribution method for this illusive plague. I wouldnât go looking at âatomicâ distros, or switching distros, or reinstalling, as an answer. You canât chase something you canât seeâŚ
I donât mean personally changing distros, but more what distros can start doing, going forward. Plus, a real question of if there is merit to using, âimmutable,â distros as a prevention, or if they make for easier detection. If the files can be seen in the fileystem (it seems they can be), and are either extra (as in not from known packages in the repos), in places where that isnât common, or have different hashes than a historically released version (and make sure other files from a given package match a specific release version), then it would be possible to see that something is not right (if you havenât messed with those packages, personally).
I doubt it cause you reset the OS, but to me that would be using a sledgehammer to fix issues that should be solved by other means. For most I do not believe immutable is the solution cause they will cause people to stop learning how to fix things themselves, but like I said for most. The is percentage that no matter what OS they are running they need a OS that will reset itself back to baseline.
As Linux becomes more widespread , I think we will have to deal with more malware, viruses, worms, etc. in the future. This will lead to major problems that will need to be solved. The average user does not want to learn how to solve these problems themselves. They want their devices to work without having to do anything. They donât care how this is achieved, whether through an immutable system, A"I", or something else. However, skilled virus coders will always be able to circumvent security mechanisms.
The assumption, following such a find, should be that it may have already been used to more deeply compromise the infected system, or connected systems, in ways that you may not find. So, a reset of things is kind of assumed, regardless of how itâs done. I was considering it from the standpoint of prevention (read-only even for root) or detection. IE, seeing new or different files that the OS tools canât verify as known contents of packages, that arenât obviously conf file changes youâve made.
That could be added to any kind of distro, but it seems like it would be easiest to implement on an, âimmutable,â one. Moving to such, as the norm, could make sense for common server and appliance distros. IMO, theyâd need to be implemented much differently than how they typically are, to not be more frustrating than theyâre worth, for most desktop or notebook use cases. Anyway, an automated infection would likely appear in an overlay, and be quite obvious, if one was looking for anything amiss. But, a targeted one, trying to get around that, might still be detectable â if only indirectly â as an integrity error in the base system.