| ▲ | jmclnx 7 hours ago | |
>With no indication that VoidLink is actively targeting machines, there’s no immediate action required by defenders, Plus no mention of how these machines get "infected". My guess is the admin will need to download something and manually install it. So a root kit ? I wish these articles would mention how these "most advance malware" gets on your system. | ||
| ▲ | worksonmine 5 hours ago | parent | next [-] | |
If you've ever worked in the node ecosystem you'd be surprised at the amount of devs that blindly run `sudo npm i -g ...`. Not to mention `curl ... | sudo bash`. The industry is very bad at teaching developers good hygiene on their machines. | ||
| ▲ | dist-epoch 6 hours ago | parent | prev [-] | |
it probably has multiple ways - infected npm packages, quickly exploiting CVEs before they are patched, ... | ||