Bad actors are abusing large, open-registration, low-moderation Mastodon instances in order to provide direction to the Vidar Stealer trojan horse, which steals passwords, credit card details, bitcoin wallets, etc.

If you run a large, open-registration, low-moderation instance, please consider changing at least one of those qualities.

To add additional clarity on how this works:

1) Bad actor sets up Mastodon accounts with the IP of the site the trojan horse should use to get its data, assuming that, because of open registration and because nobody regularly reviews new accounts that don't post objectionable content, they won't get kicked off.
2) Bad actor sets up their copy of the Vidar Stealer trojan to track those Mastodon accounts.
3) Bad actor tries to trick people into installing their trojan horse with the usual tricks (fake download sites, attachments in emails, etc.)
4) The trojan horse looks at those Mastodon accounts to get the IP address it should check to download its payload.

Mastodon itself is not a delivery vector for this trojan horse; the accounts simply exist to provide a trusted source of information for an already-infected computer. You do not have to worry about getting a virus from Mastodon!
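
If you run an instance and want to look for accounts like the ones described in steps 1 through 4 (and for the federated variant in the reply below, where the same kind of account reaches you through a follow rather than local registration), here is a small scan. It is an added example, not part of the original post and not part of Mastodon: it takes account records in the shape of Mastodon's public Account entity (what `/api/v1/accounts/:id` returns, and what sits under the `account` key in `/api/v1/admin/accounts`), pulls any bare IPv4 address out of the display name, bio or profile fields, and weights the finding by whether the account has ever posted and how recently it was created. The sample records, the 30-day and zero-post thresholds, and the severity labels are all constructed for the example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Bare IPv4 address, optionally followed by :port. Version strings such as
# "1.2.3.4" also match; that is a known false positive of this heuristic.
IPV4_RE = re.compile(
    r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b(?::\d{1,5})?"
)
HTML_TAG_RE = re.compile(r"<[^>]+>")

# Fixed reference time so the example is reproducible offline (assumption).
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)


def strip_html(text):
    """Mastodon serves the bio ('note') and field values as HTML; drop the tags."""
    return HTML_TAG_RE.sub(" ", text or "")


def profile_text(account):
    """Concatenate every free-text part of a Mastodon Account entity."""
    parts = [account.get("display_name") or "", strip_html(account.get("note"))]
    for field in account.get("fields") or []:
        parts.append(field.get("name") or "")
        parts.append(strip_html(field.get("value")))
    return " ".join(parts)


def flag_account(account, now=NOW, max_age_days=30, max_statuses=0):
    """Return a finding dict if the profile carries an IP address, else None.

    An IP alone is a weak signal (sysadmins do put lab boxes in their bios);
    an IP on an account that never posts and was created days ago is the
    pattern the post describes, so each extra signal raises the severity.
    """
    ips = sorted(set(IPV4_RE.findall(profile_text(account))))
    if not ips:
        return None
    reasons = ["ip_in_profile"]
    if account.get("statuses_count", 0) <= max_statuses:
        reasons.append("no_posts")
    created = datetime.fromisoformat(account["created_at"].replace("Z", "+00:00"))
    if now - created <= timedelta(days=max_age_days):
        reasons.append("new_account")
    severity = {1: "low", 2: "medium", 3: "high"}[len(reasons)]
    return {"username": account["username"], "ips": ips,
            "reasons": reasons, "severity": severity}


def scan_accounts(accounts, now=NOW):
    """Run flag_account over a list of Account entities, keeping only hits."""
    return [f for f in (flag_account(a, now) for a in accounts) if f]


# Constructed sample records in the shape of Mastodon's public Account entity;
# the addresses are RFC 5737 documentation ranges, not real infrastructure.
SAMPLE_ACCOUNTS = json.loads("""[
  {"username": "drop01", "display_name": "203.0.113.5", "note": "",
   "fields": [], "statuses_count": 0, "created_at": "2024-01-13T10:00:00.000Z"},
  {"username": "alice", "display_name": "Alice",
   "note": "<p>Gardener. Posts about tomatoes.</p>",
   "fields": [], "statuses_count": 120, "created_at": "2022-11-02T08:30:00.000Z"},
  {"username": "bob_sysadmin", "display_name": "Bob",
   "note": "<p>Sysadmin. Lab box lives at 198.51.100.7.</p>",
   "fields": [], "statuses_count": 50, "created_at": "2023-06-20T19:45:00.000Z"},
  {"username": "drop02", "display_name": "", "note": "",
   "fields": [{"name": "site",
               "value": "<a href=\\"http://198.51.100.22:8080/\\">198.51.100.22:8080</a>"}],
   "statuses_count": 0, "created_at": "2024-01-14T23:10:00.000Z"}
]""")

if __name__ == "__main__":
    for finding in scan_accounts(SAMPLE_ACCOUNTS):
        print(finding["severity"].upper(), finding["username"],
              finding["ips"], finding["reasons"])
```

Treat the output as a triage list, not a verdict: the "low" hit on the sysadmin account is exactly the kind of legitimate profile this will catch, and nothing stops an attacker from encoding the address (base64, a hostname, a hex blob in a post body) rather than writing it out bare, so a clean scan does not prove the instance is not being used. The same function works on the remote accounts your instance has cached from federation, which is where the variant in the reply below would show up.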

@suetanvil @noelle

Technically, one could also program a trojan to do the following:

1) Register an account on an open registration instance, possibly even create a dedicated instance for this purpose.
2) Create an account on one or more other open registration instances.
3) Instruct those other accounts to follow the first one, thus ensuring that the first one is federated to those other instances.
4) Program the trojan to randomly try any of the instances which are following the first one, and pull posts from their federated feed.

How do you solve this one without having federation explicitly controlled by an allow list or a deny list? Do you tell your users that they cannot even follow accounts unless they're on specific instances?

