Numerous orgs hacked after installing weaponized open source apps (opens in new tab)

(arstechnica.com)

13 pointspcsalad3y ago2 comments

2 comments

> the hackers instruct the individuals to install the apps, which infect the employees' work environments

But why not use a hype headline implying that OSS tools were weaponized.

Because they weren't. This is a social-engineering attack to install modified versions of the tools that end up being trojans. The tools themselves were fine, and no malicious code ever made it upstream, at least that we know about (not that upstreaming was attempted in this case).

j / k navigate · click thread line to collapse

2 comments

hulitu3y ago

> the hackers instruct the individuals to install the apps, which infect the employees' work environments

But why not use a hype headline implying that OSS tools were weaponized.

LoganDark3y ago

j / k navigate · click thread line to collapse