Bad actors are abusing large, open-registration, low-moderation Mastodon instances in order to provide direction to the Vidar Stealer trojan horse, which steals passwords, credit card details, bitcoin wallets, etc.

If you run a large, open-registration, low-moderation instance, please consider changing at least one of those qualities.

@noelle does anyone know how this even work? Putting a scan command in a random profile should do anything execpt the target is already infected and opens this random profile?! :nkoThink:

@rick That's exactly correct. The Mastodon profile simply provides direction to the infected computer, and the owner of the Trojan horse knows which profile(s) to program into it.

Sign in to participate in the conversation
Hic quoque abibit.

Just Ellie (and perhaps some of her toys).