Not a “back door” by my definition. The title of the article makes it sound like these operating systems have had a back door built-in in and it was only discovered now.
right ! … and this makes “arstechnica[.]com” clickbaity and it’s source “intezer” as well.
wtf, are some security groups run like inside the Dilbert comic strip ?
Edit after @CHEFKOCH@lemmy.ml comments below and above mine :
Oups, my bad, it says :
Backdoor for (W… and) Linux …
it does not say :
Backdoor in (W… and) Linux …It is not clickbait, the definition of a backdoor is clear. If a software package got compromised without that you’re aware of it and can still install it. This was the case.
Please do not call everything which does not fit into your thinking or world clickbait, it is not.
understood, corrected and upvoted
That’s a pretty wholesome response.
“Intezer said that may be an indication the file masqueraded as a type script app spread after being sneaked into the npm JavaScript repository.”
The article doesn’t say the developers leave the back door.
Disagree, it says - for - not - in - … there is a difference.
Infected NPM package
We need reproducible builds
Reproducible builds would have also stopped the Solar Winds hack too.
2022 Jan 11, source : https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
“A possible attack vector for this malware is via an infected npm package.”
" … attack was initiated during the second half of 2021"
