I was tired.
A company that's always banging on to upgrade their software for security reasons was also using Mailchimp for their marketing, and got their account compromised. Tailored emails were sent out informing all their users another update was required.
I somehow didn't notice that I went to [a mirror of] their website via this email. I then installed the modified version of their software, code-signed and all.
I might be lucky: I usually work in a VM, so it was the VM that malware was installed into. However, if it managed to infect the shared drives before I isolated it then I won't be out of the woods. (It doesn't look like it did, but it's hard to be certain.)
That it was code-signed is particularly irksome because I can't distribute a particular piece of hobby software without idiot AI-antivirus companies telling everyone I'm distributing malware because I haven't paid the $300 a year for a code-signing licence, meanwhile actual malware in the real world is code-signed, so those companies give it thumbs up - all 64 vendors on virustotal.com gave it thumbs up, while 32 of them give vague virus designations to my unsigned exe and won't reevaluate that status because there are 31 other vendors who had also lazily flagged it (this was literally given as a reason they won't evaluate whether it's a false positive).
Funnily, the moment I realised I'd installed malware, I immediately instinctively uninstalled it 🤦
(the uninstaller is an .exe which is provided to you by the same people who created the malware installer)
I was tired.