Not good to hear they're based in Moscow, but that ship has presumably already sailed and sunk if you're running the auto-update code in an existing Audacity installation.

What other concerns besides national origin exist with this code? Nothing seems to qualify as a "back door," certainly.

▲

cookiengineer 2 days ago | parent [-]

Set the system language and timezone, the IP and originating ASN, to areas where APT28/APT29 is having active malware campaigns and see whether you'll receive a sample. Pretty simple.

The real question is whether they have changed their C2 behaviors since Valentine's day in 2023, and whether or not the AstraL1nvx botnet operator images are still available publicly.

▲

LeoWattenberg a day ago | parent [-]

please provide any sort of source that Audacity is, or ever has been, distributing malware.

▲

Orygin a day ago | parent | next [-]

He has none and has been trying to depict Audacity as a Russian malware vector for over a year now, but without providing any source.

▲

cookiengineer a day ago | parent [-]

Technically it's been over 4 years

	▲	h4ck_th3_pl4n3t a day ago \| parent [-]
		Sneed

▲

a day ago | parent | prev [-]

[deleted]