payload appears to have been hidden in test data then decrypted and injected during the build process.

  • addie@feddit.uk
    ·
    8 months ago

    Okay - so it was cleverly hidden. Real question is what the binary blob does, so we can properly assess the damage...

    • underisk [none/use name]
      hexagon
      ·
      8 months ago

      Preliminary stuff I read yesterday suggests that it’s RCE triggered by a signal sent to SSHD. Safest bet is to nuke your system if you had the exploitable library running with an exposed sshd.