https://bugzilla.kernel.org/show_bug.cgi?id=204241

TheRinger (tyrell.rutledge@xxxxxxxxxx) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tyrell.rutledge@xxxxxxxxxx

--- Comment #78 from TheRinger (tyrell.rutledge@xxxxxxxxxx) ---

After this happened to me on Debian I started digging to find the source, as it came with a payload which ultimately flashed my BIOS after flashing my wireless card’s firmware. I found two files that were modified from the original installation which may have been injected, as the source hash is different. Researching further, I’ve found some interesting comments about how this is done by manipulating Systemd after resuming from hibernation, and pulling memory back from the swap that was modified.

The rabbit hole goes further, as it then returns from sleeping after modifying the libraries that control fonts and their storage. You browse Google and your searches contain websites with web fonts. In these fonts there are strange emojis and symbols which at first seem like poorly designed icons and graphics but actually contain raw code that is downloaded to your cache. At some point there is another part that goes in and assembles these code blocks to copy your .home/user/.ssh files because of weak user land file and directory attributes. Anyway this goes on and on, as you can imagine how this only continues to work.

When this happens, or after you restart because the computer doesn’t return from sleep, you end up with modifications to your BIOS, graphics, hard drive, firmware and anything else that it can possibly find to stay present. Your gparted code will contain code blocks that swap out code from the end of your hard drive to the start. You will need to start from scratch by clearing CMOS, then uploading new firmware and zeroing out hard drives. It’s a huge headache.

It may only get so far, and so you may never end up downloading the cached fonts or some other step it needs, and you will think it’s just a glitch. Check your known hosts folder in your ssh directory; also compare hashes to the original source code.

I switched to Slackware despite enjoying the simplicity of package management years ago, as its appeal to me was it didn’t contain Systemd. Recently I decided to try a mainline distro again, only to discover this gem. The library files, among others but notable only because they were in the original initramfs, were libfribidi.o and libgraphite2.so

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.