• s38b35M5@lemmy.world
    link
    fedilink
    English
    arrow-up
    63
    arrow-down
    2
    ·
    5 个月前

    The joke’s on you, malware devs! I never use Discord, and never did on my Linux machines.

    • RonSijm@programming.dev
      link
      fedilink
      arrow-up
      20
      ·
      5 个月前

      I would assume this just relies on the Discord API being read by the bot - and not on having a local discord installed…

    • devfuuu@lemmy.world
      link
      fedilink
      arrow-up
      12
      arrow-down
      3
      ·
      5 个月前

      Let’s see if the flatpak ideas about sandboxing being pushed down our throats actually prevent these abuses or not…

        • Redjard@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          16
          ·
          5 个月前

          More so, if it is easily sandboxed, it should just be a webapp. Which discord already is.
          Just use the website.

          Browsers are already easily themed, have plenty of tools to change deeper functionality, and are way more sandboxed than any other app packaging ecosystem.

          • MinusPi (she/they)@pawb.social
            link
            fedilink
            English
            arrow-up
            15
            ·
            5 个月前

            Everything is ever so slightly broken in a way that I just can’t ignore. Personalization doesn’t quite work. Permissions are overwhelming and usually lead to silent failures. Integration with the rest of the system is weak at best.

            • Vilian@lemmy.ca
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              5 个月前

              so problems from programs that don’t support flatpak, not flatpak fault, because everything you said is supported

              Everything is ever so slightly broken in a way that I just can’t ignore.

              this isn’t even caused by flatpak, it’s the app fault

              • MinusPi (she/they)@pawb.social
                link
                fedilink
                English
                arrow-up
                4
                arrow-down
                1
                ·
                5 个月前

                I don’t care whose fault it is, it’s obnoxious and I don’t want to bother with it. Lately though, it seems like everything is only being released as a flatpak app despite those issues.

  • Catoblepas@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    5 个月前

    Asking as someone who is absolutely not tech proficient compared to most lemmy users: is this a vulnerability with Linux or Discord specifically, or is this something that could be carried out on any OS/messenger if the computer was infected?

    • HuntressHimbo@lemm.ee
      link
      fedilink
      arrow-up
      41
      arrow-down
      1
      ·
      5 个月前

      From the article, it sounds as though this isn’t something a normal user should be worried about. They said the security researched believe it targets a Linux distribution used by the Indian government, and the phishing/malicious links seem intended to target Indian officials.

      • Optional@lemmy.world
        link
        fedilink
        arrow-up
        14
        ·
        5 个月前

        According to Volexity, the malware was discovered after the researchers spotted a UPX-packed ELF executable in a ZIP archive, likely distributed through phishing emails. Volexity believes that the malware targets a custom Linux distribution named BOSS that Indian government agencies use as their desktop.

        I use Arch, btw. /s

    • NateSwift@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      31
      ·
      5 个月前

      It looks like there isn’t a vulnerability at all. Just a malware executable disguised as a pdf in a zip file that uses discord as a communication method