• 𝒍𝒆𝒎𝒂𝒏𝒏
    link
    fedilink
    711 months ago

    I think they would start obfuscating the relevant code to get around it

    Many ad networks and AABs do something similar (especially Admiral) in an attempt to evade ad blocking extensions

    • ShaunaTheDead
      link
      fedilink
      411 months ago

      Do you think using a custom ssh key directory would prevent these malicious apps from working correctly or is there some environment variable that always points to the ssh key folder or I guess they could just run a search on the system for any files like *.pub. Are there any safety procedures that one can take to circumvent these kinds of attacks?

      • 𝒍𝒆𝒎𝒂𝒏𝒏
        link
        fedilink
        211 months ago

        I think so, assuming these malicious packages are all primitive enough to just look for the single file in a user’s home folder lol. The only downside here is needing to provide the keyfile location to ssh every time you want to connect… Although a system search would pretty much defeat that instantly as you mention

        SSH keyfiles can be encrypted, which requires a password entry each time you connect to a SSH server. Most linux distros that I’ve used automatically decrypt the SSH keyfile for you when you log in to a remote machine (using the user keyring db), or ask you for the keyfile password once and remember it for the next hour or so (using the ssh-agent program in the background).

        On Windows you can do something similar with Cygwin and ssh-agent, however it is a little bit of a hassle to set up. If you use WSL i’d expect the auto keyfile decryption to work comparably to Linux, without needing to configure anything