Cemu (WiiU emulator) compromised by Russian threat actor
8 hours ago
- #Linux Threat
- #Security Compromise
- #Cemu Malware
- Cemu emulator 2.6 AppImage and Ubuntu zip files on GitHub were compromised by a pro-Russian threat actor from May 6th to May 12th.
- Only Linux users who downloaded the specific compromised binaries during that period are affected; Windows, macOS, and Flatpak users are safe.
- The malware includes a sophisticated password stealer targeting programming and cloud services, and it may create specific files/directories like /tmp/.transformers and /usr/bin/pgmonitor.py.
- For affected users, recommended actions include deleting compromised binaries, resetting passwords and authentication tokens, blocking IP 83.142.209.194, and considering a clean OS install.
- Israeli users face a 1-in-6 chance of a siren sound and an 'rm -rf /' command that attempts to wipe the filesystem, but data recovery is possible if no new data is written to the drive.
- The compromise likely occurred via a stolen GitHub token from a team member's compromised Python package, and measures have been taken to prevent future incidents.
- Good file hashes are provided for verification: Cemu-2.6-x86_64.AppImage (sha256: 0c20c4aeb800bb13d9bab9474ef45a6f8fcde6402cad9b32ac2a1bbd03186313) and cemu-2.6-ubuntu-22.04-x64.zip (sha256: 5e4592d0dae394fa0614cb8c875eff3f81b23170b349511de318d9caf7215e1b).
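The hash check and the IoC file check from the bullets above, as an added POSIX shell example that is not part of the original summary; the function names are mine, while the digests and paths come from the bullets, and the tool falls back to shasum where sha256sum is absent.

```shell
#!/bin/sh
# Known-good SHA-256 digests for the Cemu 2.6 Linux artifacts (from the summary above).
GOOD_APPIMAGE_SHA256="0c20c4aeb800bb13d9bab9474ef45a6f8fcde6402cad9b32ac2a1bbd03186313"
GOOD_UBUNTU_ZIP_SHA256="5e4592d0dae394fa0614cb8c875eff3f81b23170b349511de318d9caf7215e1b"

# Filesystem artifacts the summary says the malware may create.
IOC_PATHS="/tmp/.transformers /usr/bin/pgmonitor.py"

# sha256_of FILE -> prints the lowercase hex digest of FILE.
# Uses sha256sum (coreutils) and falls back to shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_cemu_download FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 otherwise
# (also 1 when FILE is missing, so a typo in the path cannot pass as "verified").
verify_cemu_download() {
    file=$1; expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file (got $actual, want $expected)" >&2
    return 1
}

# scan_cemu_iocs [PREFIX] -> 0 if none of the IoC paths exist under PREFIX,
# 1 if any is present. PREFIX defaults to "" (the live root filesystem);
# pass a mount point to scan an offline disk image instead.
scan_cemu_iocs() {
    prefix=${1:-}
    found=0
    for p in $IOC_PATHS; do
        if [ -e "$prefix$p" ]; then
            echo "IOC present: $prefix$p" >&2
            found=1
        fi
    done
    return $found
}

# Typical use:
#   verify_cemu_download ./Cemu-2.6-x86_64.AppImage "$GOOD_APPIMAGE_SHA256"
#   verify_cemu_download ./cemu-2.6-ubuntu-22.04-x64.zip "$GOOD_UBUNTU_ZIP_SHA256"
#   scan_cemu_iocs
```

A digest match only proves the file is the clean release; a machine that already ran a compromised build still needs the credential resets listed above, because the stealer has already done its work.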