Comment on Malicious Atomic Arch NPM Campaign Thread
Tetsuo@jlai.lu 1 week agoThat was my understanding but I’m not sure I agree with your conclusion though.
This hack drops an infostealer that could steal passwords and other secrets, so even if the system removes the malware, the data stolen would still be an issue.
So you can be infected for even a few days and get some passwords stolen that would still be problematic.
But yeah the subset of Steamdeck users that activated write mode and installed an affected AUR package must be pretty small.
thingsiplay@lemmy.ml 1 week ago
My conclusion does align with yours, so I’m not sure what you mean. It is likely to be infected, because most people don’t use the AUR on the Steam Deck (because of the reverting back). And my conclusion was, if anyone is infected, then I would not trust the system anymore.