Continuing the #Git Curriculum from #ACDH, this short course shows how to use the code editor VS Code with its graphical user interface for working collaboratively in Git with Windows, Mac and Linux!

#TrainingTuesday #GitCode

➡️ https://docs.google.com/spreadsheets/d/1zSsqoPKohYEsSFRifhoKqZSbq8JOGNJ3hyI8siEV71k/edit?gid=529202751#gid=529202751

#ESETresearch discovered and named 🇨🇳 China-aligned #APT group #PlushDaemon who did a supply-chain compromise of a 🇰🇷 South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper.

https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/

The website had been compromised by PlushDaemon since at least November 2023, resulting in users from 🇰🇷 South Korea, 🇨🇳 China, and 🇯🇵 Japan downloading the trojanized installer, which deployed the legitimate software and SlowStepper.

The installer deploys malicious files that contain several components inside a custom-formatted archive, including loaders, a process monitor, legitimate PE files abused for side-loading, and the SlowStepper backdoor.

SlowStepper has several interesting features such as decoding #DNS TXT records of a malicious domain to obtain its C&C servers, and a 🐚 shell mode with custom commands, one of which executes modules of an extensive toolkit stored at the Chinese code repository #gitcode

We presented about #PlushDaemon at #jpcert_ac on January 22, 2025 at https://jsac.jpcert.or.jp/

IoCs available in our GitHub repository at https://github.com/eset/malware-ioc/tree/master/PlushDaemon

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers uncover a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon.

https://feddit.it/post/9930221 "It seems the Chinese (#cinesi) at #GitCode are cloning entire projects on #github without any explicit consent... 🤨"

"That's free software (#SoftwareLibero), baby, and there's nothing you can do about it" (cit. https://it.wikipedia.org/wiki/L%27ultima_minaccia)

It seems the Chinese at GitCode are cloning entire projects on GitHub, without any explicit consent... 🤨 - Feddit.it

It seems the Chinese at GitCode are cloning entire projects on GitHub, without any explicit consent… 🤨 #UnoTech [https://mastodon.uno/tags/UnoTech] @informatica [https://feddit.it/c/informatica] https://web.archive.org/web/20240626114130/https://news.ycombinator.com/item?id=40793185

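Huawei Cloud's Gitcode copying GitHub repositories sparks outrage in the open-source community: projects forged without authorization. Refusing to admit fault, controlling public opinion, and having CSDN step out to take the fall and shoulder the blame. Huawei's developer ecosystem is in grave danger.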

YouTube
0x7FFF = 1.99993896484375 in F2DOT16
The perfectly harmless #8964, why not hurry up and add it to your code?
#gitcode