Comment on More than a hundred backdoored malware repos traced to single GitHub user
JustARegularNerd@lemmy.dbzer0.com 1 day ago
Well that’s certainly no light read - I’ll admit that I’ve only read the first six sections of the document for now
The crux of it that I could see was the initial repo that was backdoored contained a malicious Windows command in the PreBuildCommand field of .vbproj file
My initial thoughts would be that it might be advisable for build tools to confirm any defined build commands with the user when it detects a command not seen before?
I suppose otherwise the argument could be made that if you’re downloading and compiling code that is backdoored, if you’re not checking .vbproj or equivalents, you’re probably also not auditing any source code either and you’re being pwned either way.
tal@lemmy.today 1 day ago
A lot of malware-adjacent stuff, like exploit demonstration code, has contained its own malware targeting the user. Probably best to run stuff like that in a container or VM.
JustARegularNerd@lemmy.dbzer0.com 1 day ago
Agreed - the end of the article does state compiling untrusted repos is effectively the same as running an untrusted executable, and you should treat it with the same caution (especially if its malware or gaming cheat adjacent)