- cross-posted to:
- linuxmemes@lemmy.world
cross-posted from: https://lemy.lol/post/45980344
I still find it ironic that the dude that found the malicious code was a Microsoft employee.
Honestly just makes me feel like Microsoft was already ripping off code from the project and they needed another method of discovery to avoid suspicion.
Windows did add .rar, .7z and .tar support in late 2023, and the XZ-utils backdoor happened just half a year later.
I have friends everywhere.
I feel like the latter really happened. That sounds too specific to be made up.
This story does make me worried though, that this is the case where they were caught, and there are many more where they weren’t caught.
I’m more worried about the top case, honestly. That probably happens way more often and is found out less often because the stuff isn’t open source.
We had this discussion in another thread. This was most likely a state-sponsored action with a huge time investment. It was also highly complicated because it is nearly impossible to hide this stuff due to the number of eyes on the code. Of course it is possible, but it's not feasible to assume it's somehow massive.