Boing Boing was hacked

Thanks for the heads up and forthright information.

6 Likes

You’ll have to wait until the FTC settlement comes through.

4 Likes

I was running an adblocker when the very official Flash update page popped up. uBlock Origin, to be precise. With Malwarebytes. But I recognized it for what it was, and after closing the page and reloading, it went away after the second or third try.

And yes, I did run a virus scan, just to be sure.

4 Likes

Same thing — load the menu briefly, then to the Flash update page. So I updated Flash via direct download in case they were using a new exploit, ran several scans from different programs, and tried again later.

Thanks for the update.

1 Like

Agree. This could be a good sign it’s time for BoingBoing to review and revise its approach to cluttering up the site with distracting ads, including the flashy “Top Articles” panel, spinning coins, and other visual junk.
As another example of the current confusion, I wanted to repost the vision of overcoming climate change (political rewilding) and couldn’t even get the first image, instead was only offered the Intercept and AOC.

6 Likes

I bet it was @beschizza. He probably thought his password was safe.

11 Likes

Oh, MAN…

Not the Bobo! Say it ain’t so!..ok, at least you said it was so. So, there’s that.

So who coughed up the creds?..do tell! (Oh, we couldn’t! SURE you could! We’re all friends here…)

I saw the same as you.

I decided to be bold and click the ‘install’ button. It went on to download an APK, and give instructions for how to bypass play store protections and install random APKs.

This I did not do :slight_smile: but I did upload the APK to VirusTotal and hybrid-analysis

(reports at VirusTotal and Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'setup-9.3.7-5840.apk' for the curious)

13 Likes

Do you think using uBlock Origin and/or NoScript would reduce the chances this malvertising got someone?

In this case, from all appearances, as long as you didn’t install the malware being offered, you should not be affected.

6 Likes

Opt-in malware? Almost nice in an old-school way.

Thanks for being transparent.

9 Likes

Well that explains all the Flash windows popping up…

1 Like

I mean this in the nicest way, man, I really do, no insult intended, but you are gullible as hell if you actually did that.

Bad. No. Don’t do that again. I have a personal hatred of malware people; they are at the bottom of the hierarchy of scammers, just as mimes are the lowest hierarchy of comedy. I dream of finding one and accidentally burning his house down as he stands outside and watches.

What could possibly go wrong submitting my personal information to this entirely electronic corporation?

Nothing wrong with grabbing the payload and submitting it to relevant security folk. Dangerous though, given the install link itself may have been an exploit. Best to leave it alone.

10 Likes

Completely off topic: I was told sarcasm was the lowest form of humor. So are sarcastic mimes absolute garbage, comedically speaking?

On topic: like many other posters, I saw the pop-up but didn’t click. I appreciate the transparency of letting us all know what happened. Thank you.

4 Likes

Well this rules out the west coast.

No self-respecting Hackerman (or woman or otherwise) would be awake at 8:30 AM.

I’m just kidding, I’d imagine most of the time this sort of thing is automated. I guess if they are trying to target random end users’ machines it is to build a botnet, but who knows. I just know all the times I’ve ever run web servers at home I would get tons and tons of random HTTP requests coming in from China, Russia, etc., trying to get to random admin page paths for common CMS systems.

but this was sufficient to track down the malicious activity and user account in question and react accordingly

7 Likes

I’m glad my spidey-sense noticed the weird redirect… I was quite inebriated at the time too :stuck_out_tongue:

Did anyone download the installer? Kinda wish I did now, but my money is that it would’ve just been your standard cryptolocker or RAT.

1 Like

I’m gullible for downloading malware and detonating it in a sandbox to understand what it does?

I guess that makes me professionally gullible, because that’s a large part of what I do for a living.

20 Likes