SECURITY PSA - For Cemu emulator 2.6 (recent AppImage/Ubuntu downloads compromised to include malware

Posted by T0RU2222222222222222@reddit | linux | View on Reddit | 9 comments

[-]

1000naziscalps@reddit

Obviously this is bad and getting more common as an attack and all but the siren and running rm -rf / if you're in Israel gave me a chuckle.

[-]

T0RU2222222222222222@reddit (OP)

apparently the malware apparently doesn't wipe the drive of israeli users as i previously stated, because the malware developers fucked up the code

[-]

T0RU2222222222222222@reddit (OP)

I read somewhere they botched the RM command so it doesn't delete anything.

[-]

T0RU2222222222222222@reddit (OP)

nevermind i was wrong

[-]

shroddy@reddit

The website does not work for me so I ask here. Does it affect the downloads on the Cemu website / GitHub or also downloads from the Ubuntu repos or Snap?

[-]

gainan@reddit

https://github.com/cemu-project/Cemu/issues/1911

[-]

Nightron@reddit

The compromised releases are: Cemu-2.6-x86_64.AppImage cemu-2.6-ubuntu-22.04-x64.zip Only if you have downloaded these between 6th May and 12th May from our github page. This also affects third party launchers which usually directly download from our repository. As of writing this, the compromised releases have been restored to their good version.

[-]

Infinity-of-Thoughts@reddit

The compromised releases are:
Cemu-2.6-x86_64.AppImage
cemu-2.6-ubuntu-22.04-x64.zip
Only if you have downloaded these between 6th May and 12th May from our github page. This also affects third party launchers which usually directly download from our repository. As of writing this, the compromised releases have been restored to their good version.

[-]

SoilMassive6850@reddit

We are still tracking the exact chain of events down but the leading theory is that a collaborator on our team ran a compromised python package which stole his GitHub token. This was then used to reupload a compromised version of the two linux binaries in the v2.6 (latest) release of Cemu. We have taken measures to prevent this from happening in the future.

Once again we learn why re-authentication for important actions and PGP package signing (or equivalent) should be mandatory everywhere, preferably (or it should probably be mandatory) with hardware security keys to prevent malware from stealing credentials.