payload appears to have been hidden in test data then decrypted and injected during the build process.

  • addie
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    Okay - so it was cleverly hidden. Real question is what the binary blob does, so we can properly assess the damage…

    • underisk [none/use name]@hexbear.netOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      Preliminary stuff I read yesterday suggests that it’s RCE triggered by a signal sent to SSHD. Safest bet is to nuke your system if you had the exploitable library running with an exposed sshd.