cookiengineer 2 days ago

Well, technically the reason for the fork was the implanted backdoor that was executing a binary coming from Muse Group's server, hidden as telemetry and an update check. It's not a well-built backdoor and the code is easy to spot, as there's not a lot of other HTTP-related code in Audacity itself.

edit: Check the au3/src/update/UpdateManager.cpp, they're still not hiding this better after all that happened, lol.

[1] https://github.com/audacity/audacity/blob/8d6e45a9756e700b7f...

swiftcoder 2 days ago | parent | next [-]

Can you point out the specific issue here? At a glance it looks like a fairly normal self-update patching process.

Orygin 2 days ago | parent | prev | next [-]

I mean, you already are "executing a binary coming from Muse groups server" if you downloaded Audacity from their website. How is an auto update mechanism a backdoor? You have to accept a modal for it to run the downloaded binary.

I guess it could be improved by using and verifying signatures, but it seems pretty on point for a standard Windows software auto-update feature.
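As a concrete illustration of "using and verifying signatures" in an updater, here is an added example (not Audacity's or Muse Group's code, and not taken from UpdateManager.cpp) of the gate a client should run before it executes anything an update server returned. It assumes a design of my own choosing: an Ed25519 key pinned in the client, a small JSON manifest signed by that key, and the installer bytes checked against the SHA-256 in the manifest. The seed, file name and installer bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the small document the publisher signs with an offline Ed25519
// key. The client ships with the matching public key pinned, so the update
// server (or anyone between it and the client) cannot make the client run a
// binary the publisher never signed.
type Manifest struct {
	Version int    `json:"version"` // release number, must strictly increase
	Sha256  string `json:"sha256"`  // hex SHA-256 of the installer bytes
	Name    string `json:"name"`    // display name only, never used as a path
}

// SignedUpdate is what the update endpoint hands back.
type SignedUpdate struct {
	ManifestJSON []byte // exact bytes that were signed
	Signature    []byte // Ed25519 signature over ManifestJSON
	Payload      []byte // the installer itself
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify")
	ErrDowngrade    = errors.New("manifest version is not newer than installed")
	ErrHashMismatch = errors.New("payload hash does not match signed manifest")
)

// Publish is the release-side step: hash the installer and sign the manifest.
func Publish(priv ed25519.PrivateKey, version int, name string, payload []byte) (SignedUpdate, error) {
	sum := sha256.Sum256(payload)
	mj, err := json.Marshal(Manifest{Version: version, Sha256: hex.EncodeToString(sum[:]), Name: name})
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{ManifestJSON: mj, Signature: ed25519.Sign(priv, mj), Payload: payload}, nil
}

// VerifyUpdate is the client-side gate. Order matters: verify the signature
// before parsing anything the server sent, then check version and hash, and
// only then hand the payload to the OS.
func VerifyUpdate(pub ed25519.PublicKey, installedVersion int, u SignedUpdate) (Manifest, error) {
	if !ed25519.Verify(pub, u.ManifestJSON, u.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(u.ManifestJSON, &m); err != nil {
		return Manifest{}, err
	}
	if m.Version <= installedVersion {
		// Replaying an older, genuinely signed (and possibly vulnerable) release is refused.
		return Manifest{}, ErrDowngrade
	}
	sum := sha256.Sum256(u.Payload)
	if hex.EncodeToString(sum[:]) != m.Sha256 {
		return Manifest{}, ErrHashMismatch
	}
	return m, nil
}

// DemoKey derives a key pair from a fixed, constructed seed so the example is
// reproducible. A real publisher generates the seed with crypto/rand and keeps
// the private half offline.
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real signing key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey()
	installer := []byte("constructed installer bytes, standing in for a real .exe")
	upd, err := Publish(priv, 2, "audacity-setup.exe", installer)
	if err != nil {
		panic(err)
	}

	m, err := VerifyUpdate(pub, 1, upd)
	fmt.Println("genuine v2 against installed v1:", m.Version, err)

	tampered := upd
	tampered.Payload = append([]byte("x"), installer[1:]...) // server swapped the binary
	_, err = VerifyUpdate(pub, 1, tampered)
	fmt.Println("swapped payload:", err)

	_, err = VerifyUpdate(pub, 2, upd) // old signed release replayed to a current client
	fmt.Println("replayed v2 against installed v2:", err)
}
```

The point of signing the manifest rather than the transport is that TLS only tells you which server you reached, not whether the bytes are the publisher's; with a pinned key and a hash in the signed manifest, a compromised update host or CDN can at most refuse to serve an update, and the version check stops it from serving an old signed one.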

gpers0n a day ago | parent | prev | next [-]

To be fair, I'm not sure if that's really an accurate description of it.

Either way, just wanted to say hi! :D

cookiengineer 10 hours ago | parent [-]

You are not the one who lost their loved ones over this, we are way past that point of assumed innocence.

There's a reason for why I am doing what I am doing.

gpers0n 3 hours ago | parent [-]

If it has truly escalated to that point, then I certainly cannot speak further. You are right in that I have been fortunate enough not to lose anyone over such a matter. I do feel sorry for your loss, however, because no one deserves to lose a loved one like that.

LeoWattenberg 2 days ago | parent | prev [-]

You are aware that VLC, LibreOffice and many other FOSS apps have an update checker?

cookiengineer 2 days ago | parent [-]

The problem is not the update check itself, but what the server in Moscow returns. That's the whole point and the reason of me mentioning it.

LeoWattenberg a day ago | parent | next [-]

There is no server in Moscow, and I don't think there ever was. Muse Group left their original office in Kaliningrad for Cyprus pretty much the second the war started, and at this point has no offices or employees left in Russia. The servers always have been bog-standard cloud things, so Cloudflare, DigitalOcean, aws via Netlify and such.

CamperBob2 2 days ago | parent | prev [-]

Not good to hear they're based in Moscow, but that ship has presumably already sailed and sunk if you're running the auto-update code in an existing Audacity installation.

What other concerns besides national origin exist with this code? Nothing seems to qualify as a "back door," certainly.

cookiengineer 2 days ago | parent [-]

Set the system language and timezone, the IP and originating ASN, to areas where APT28/APT29 has active malware campaigns and see whether you'll receive a sample. Pretty simple.

The real question is whether they have changed their C2 behaviors since Valentine's day in 2023, and whether or not the AstraL1nvx botnet operator images are still available publicly.

LeoWattenberg a day ago | parent [-]

Please provide any sort of source that Audacity is, or ever has been, distributing malware.

Orygin a day ago | parent | next [-]

He has none and has been trying to depict Audacity as a Russian malware vector for over a year now, but without providing any source.

cookiengineer a day ago | parent [-]

Technically it's been over 4 years.

h4ck_th3_pl4n3t a day ago | parent [-]

Sneed

a day ago | parent | prev [-]
[deleted]