Password-stealing Linux malware served for 3 years and no one noticed

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • persepolis

    Persepolis Download Manager is a GUI for aria2.

  • This is installed by adding a shady repository to your apt sources.list...

    How is this a supply chain attack? My official Debian repository has never been breached so far.

    This is no different from downloading an .exe from a shady website and running it.

    Also: https://packages.debian.org/search?keywords=download+manager... lists:

    • uget: https://sourceforge.net/projects/urlget/

    • kget: https://apps.kde.org/en-gb/kget/

    • persepolis: https://persepolisdm.github.io/

    Why use "Free Download Manager"? Is this targeting newcomers from Windows?

  • slsa

    Supply-chain Levels for Software Artifacts

  • It doesn't have to be. Corporations which are FedRAMP[1] compliant have to build software reproducibly in a fully isolated environment, only from reviewed code.[2]

    [1] https://en.wikipedia.org/wiki/FedRAMP

    [2] https://slsa.dev/

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
