The malware continuously monitors its access to GitHub (for exfiltration) and npm (for propagation). If an infected system loses access to both channels simultaneously, it triggers immediate data destruction on the compromised machine. On Windows, it attempts to delete all user files and overwrite disk sectors. On Unix systems, it uses shred to overwrite files before deletion, making recovery nearly impossible.
shred is intended to overwrite the actual on-disk contents by overwriting data in the file prior to unlinking the files. However, shred isn’t as effective on journalled filesystems, because writing in this fashion doesn’t overwrite the contents on-disk like this. Normally, ext3, ext4, and btrfs are journalled. Most people are not running ext2, save maybe on their /boot partition.
ThatGuyNamedZeus@feddit.org 3 weeks ago
Cool! Now consider all the others they haven’t found yet
Skullgrid@lemmy.world 3 weeks ago
the ones that scare me are apt and pacman and the others
redsand@lemmy.dbzer0.com 3 weeks ago
Those aren’t insane to audit. It’s the libraries everyone uses