The malware continuously monitors its access to GitHub (for exfiltration) and npm (for propagation). If an infected system loses access to both channels simultaneously, it triggers immediate data destruction on the compromised machine. On Windows, it attempts to delete all user files and overwrite disk sectors. On Unix systems, it uses shred to overwrite files before deletion, making recovery nearly impossible.
shred is intended to overwrite the actual on-disk contents by overwriting data in the file prior to unlinking the files. However, shred isn’t as effective on journalled filesystems, because writing in this fashion doesn’t overwrite the contents on-disk like this. Normally, ext3, ext4, and btrfs are journalled. Most people are not running ext2, save maybe on their /boot partition.
ThatGuyNamedZeus@feddit.org 1 week ago
Cool! Now consider all the others they haven’t found yet
Skullgrid@lemmy.world 1 week ago
the ones that scare me are apt and pacman and the others
redsand@lemmy.dbzer0.com 6 days ago
Those aren’t insane to audit. It’s the libraries everyone uses