A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.

The malware used in this campaign establishes a reverse shell to a C2 server and installs a Bash stealer that collects user data and account credentials.

Kaspersky discovered the potential supply chain compromise case while investigating suspicious domains, finding that the campaign has been underway for over three years.

  • rufus@discuss.tchncs.de
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Yes. I do it the correct way. I use my favourite distro’s package manager to install software. This way it’s tested, a few people had a look at the changes, and sometimes a CI script automatically determines if the installer affects other parts of the system. I go to great lengths to avoid doing it any other way. (I’ve been using some flatpaks in recent times, though. But sometimes I also install it only for a separate user account. Mainly when it’s proprietary or niche.)

    It is super rare that I install random stuff from the internet. Or ‘curl’ and then pipe the installer script into a root shell. And when I do, I put in some effort to see if it’s okay. I think i had a quick glance at most of the install .sh scripts before continuing. So yes, I kinda do my best. And I isolate that stuff and don’t put it on the same container that does my email.

    Most of the times you can avoid doing it the ‘stupid way’. And even the programming package managers like ‘npm’, ‘cargo’, … have started to take supply chain attacks seriously.