Hugo Gameiro

I have made a post about some Mastodon instances being associated with malware and explaining what I found: github.com/mastodon/mastodon/d

I think it can be interesting for people who are #mastoadmin + would love to have people from #cybersecurity have a look and share any feedback. Thanks.

14 comments
Tim Chambers

@hugo we are taking that hugely seriously and do think a means of cross-instance warning would make sense… Certainly posting to #mastoadmin is one way. Bet there could be others.

Tim Chambers

@hugo here is key bit from the above: “… an attacker creates a profile on a social media site like anyone else. Then adds the URL of their profile (or RSS feed) to the malware bot. Once the bot infects a third-party computer, it fetches the social media profile of the attacker and looks for instructions. The attacker can then issue instructions/commands using standard social media tools, and the bot follows those instructions.” cc: @mastohost

stux⚡

@hugo Thank you for this! We had the same issue with mstdn.social on the exact same day as mastodon.social but fortunately my response was in time to not get 'banned'.

I have done many scans since this issue but never found anything other than the one account with a "ping IP" in the bio! I've spent a load of time getting us off all VirusTotal-related sites since many just copy paste the result :sad_cat:
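One way to do the kind of bio scan stux describes, as an added example that is not from this thread or from any Mastodon tooling: it assumes account records shaped like Mastodon's public Account entity (`username`, `display_name`, `note`, where `note` is the HTML bio) and runs over constructed sample bios, flagging bios that carry a public IP literal or a command word a bot might be told to look for.

```python
import re
import ipaddress
from html import unescape

# Constructed sample records (not real Mastodon data); field names follow
# Mastodon's public Account entity, where `note` holds the HTML bio.
SAMPLE_ACCOUNTS = [
    {"username": "alice", "display_name": "Alice", "note": "<p>Gardening and Rust. She/her.</p>"},
    {"username": "drop7", "display_name": "", "note": "<p>ping 203.0.113.77</p>"},
    {"username": "relay", "display_name": "relay", "note": "<p>curl http://198.51.100.9/x</p>"},
    {"username": "bob", "display_name": "Bob", "note": "<p>My home lab runs on 192.168.1.10, ask me anything</p>"},
]

TAG_RE = re.compile(r"<[^>]+>")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Command words worth a second look in a bio; deliberately short and obvious.
CMD_RE = re.compile(r"\b(ping|curl|wget|nc|powershell|cmd\.exe)\b", re.IGNORECASE)
# Address ranges that are not routable on the internet; an IP from these in a bio is noise, not a C2 hint.
NON_PUBLIC = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def bio_text(account):
    """Reduce the HTML bio to plain text so regexes see what a bot would see."""
    return unescape(TAG_RE.sub(" ", account.get("note", ""))).strip()


def public_ips(text):
    """IPv4 literals in the text, excluding malformed octets and non-public ranges."""
    found = []
    for literal in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue
        if not any(ip in net for net in NON_PUBLIC):
            found.append(literal)
    return found


def account_findings(account):
    """Reasons this account's bio deserves a manual look; empty list means clean."""
    text = bio_text(account)
    reasons = []
    ips = public_ips(text)
    cmds = [c.lower() for c in CMD_RE.findall(text)]
    if ips:
        reasons.append("public ip literal: " + ", ".join(ips))
    if cmds:
        reasons.append("command word: " + ", ".join(cmds))
    return reasons


def scan(accounts):
    """Map username -> findings for every account that triggered at least one rule."""
    return {a["username"]: r for a in accounts if (r := account_findings(a))}
```

Run against an instance's real account export, expect false positives (a home-lab IP in a bio is normal) and treat hits as a review queue, not a ban list.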

Hugo Gameiro

@stux Thank you so much for sharing.

How did you get mstdn.social out of VirusTotal? I could do it on CRDF Threat Center but don't know how I can do it on VirusTotal.

stux⚡

@hugo Get in touch with all vendors that list you as malicious 😮

There was one or two that I couldn't find anywhere so I bet we're still flagged :blobcatgiggle:

Most have forums or removal req forms

Hugo Gameiro

@stux Oh, that makes sense. Thank you for letting me know.

stux⚡

@hugo You're welcome Hugo! :blobcathearts:

logan

@stux@mstdn.social @tchambers@indieweb.social @hugo@masto.pt out of curiosity I checked my own domain,
all clean except for 1, wish more details were provided.

Evelyn fra denne andre øya

@hugo@masto.pt AV companies continue to do questionable things, no surprises

Kat M. Moss

@cambridgeport90 I just read that... Upvoted all posts in the discussion.

MissInformation

@hugo around 20 years ago various large IRC channels were shut down because they were being used for C&C. I then wrote a test program that made Twitter usable as a C&C frontend. At that time there was still an RSS feed and you could easily search it for commands. I then steganographically hid the commands in cat images that were delivered as PNG.
Since I got the hang of it with my little knowledge and in a few days, I'm sure that such or similar methods are probably widespread.

ArtistXoder

@hugo wait so is mastodon safe to use? Also one of my old friends is a cyber security expert that researches these sorts of things and is also crazy about crypto security.
