Targeted attack. May want to check if you updated the software in the last 6 months.
How do we check if we are compromised? I know that they link another article to help us, but it’s all just jargon to me. Where do I check for “indicators of compromise”? And to those who are compromised, what do we do? Just a full reinstall?
I did a quick Windows Defender scan and it found nothing. Does this mean I am not compromised? I’m also running version 8.9, but who knows, maybe I had the compromised version and it infected me. Not sure what to do so I’ll just do a full reinstall.
For the record, I think I’ve been using winget to update my apps. Does that change anything?
I would check The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
They have a list of compromised indicators you could use to check your system against. For example, you could use Wireshark to check and see if any connections are being made to the compromised network indicators.
Somebody with more experience than me can offer better advice, but I would do a complete wipe and reinstall of any system that’s infected.
Yeah that was the other article I was talking about. Still not exactly sure how to check. For the file indicators, I decided to just search through my entire computer with the default file search function. Nothing was found yet for one of them, but I don’t think I’m sticking around for additional checks. Just gonna reinstall.
A separate question for the techie people: does this Chrysalis backdoor infect my cloud storage at all? I had a cloud storage linked to my computer.
I think it’s unlikely most people were infected, as the article makes it sound like they were focused on targeting specific individuals / organizations.
China-state hackers who used their control to deliver backdoored versions of the app to select targets, developers said Monday.
Oh thank god.