CPU-Z and HWMonitor supply chain attack

Hey all - I stumbled across this video on YouTube and I missed this by 1 version. It’s already been fixed but be careful which version you run.

1 Like

I saw this video earlier today as well. It’s interesting to say the least. And of course, a bit worrisome. However, I do implore anyone concerned to watch the video. It was only available for a few hours.

If you did download a malicious copy, it was pretty obvious. And I’d like to think everyone on this forum would have noticed: warnings on download (at least with Edge [I’m not a fan of this browser. But on Windows, it does directly link to Defender on downloads]), Defender/SmartScreen warnings when launching the installer, the installer wizard is all Russian (regardless of your region settings), etc.

Also, the installer itself doesn’t deliver the payload. Instead it’s a malicious DLL tied to the application EXE that triggers the infection; and at least with the HWMonitor part, the shortcut from the Start Menu doesn’t even link to the actual EXE; you get a ‘bad shortcut’ error (haha). You have to go find it in File Explorer and launch it from there. Only then does the ‘magic’ happen. You really have to ignore many, many red flags to get infected by this one.

So thankfully, the person that did this was apparently quite the amateur. But admittedly, it’s a bit scary to think what could have been had this person been a bit more advanced…

All of these supply chain attacks are just a preview of what’s to come in the future. No system is going to be safe. It’s time to quit the IT business and start herding goats or sheep. This is all getting so tiresome.

2 Likes

It’s kind of funny how poor AI is at writing code, and how well it works for writing attacks.

It seems you are not up to date on the latest AI developments. Check the Mythos AI news that was published recently. You are going to be very afraid.