Post APAbkHLMcc9FwKz9ZA by GIMP@floss.social
 (DIR) Post #AP4AVPjsIpMMO4YoMq by GIMP@floss.social
       2022-10-29T16:06:05Z
       
       0 likes, 9 repeats
       
       We have been informed of an apparently targeted attack via a Google ad, trying to lure people looking for GIMP to a malicious download. See https://www.reddit.com/r/GIMP/comments/ygbr4o/dangerous_google_ad_disguising_itself_as/ The users are taken to a site that has copied the look of https://gimp.org, but the downloads are different. The GIMP team does not make use of ads on Google or elsewhere.
       
 (DIR) Post #AP4AVRL8Lml1Lv0556 by GIMP@floss.social
       2022-10-29T16:11:31Z
       
       0 likes, 0 repeats
       
       The attacker(s) seem to be actively monitoring reactions and changed the former approach - linking to a file on dropbox - with a less suspicious approach by now. Also people reported they registered other domains than the one in the link and malicious ads are still up (at least there were a few dozen minutes ago according to people reporting regularly) even though we reported it to Google this morning (CET).
       
 (DIR) Post #AP4fp2uTzF81xIMaTQ by nergal@linuxrocks.online
       2022-10-29T23:12:40Z
       
       0 likes, 0 repeats
       
       @GIMP that is like what was done with 'gimp.com' a decade or so ago. Then, it was Windows.
       
 (DIR) Post #APAbkGrwO0c2T5Dehk by sr3@masto.pt
       2022-10-30T16:39:04Z
       
       0 likes, 0 repeats
       
       @GIMP do you have an analysis of the software? Was it packed with a trojan and for which operating systems?
       
 (DIR) Post #APAbkHLMcc9FwKz9ZA by GIMP@floss.social
       2022-10-31T18:37:25Z
       
       0 likes, 0 repeats
       
       @sr3 Someone did, though I hope you'll forgive me because it's a Twitter thread: https://twitter.com/0x0luke/status/1586699718394089473 And apparently yes, it's a known Trojan stealing infos, such as passwords and whatnot. Though when I checked, I saw a zip, here they talk about an exe. I think the attacker evolved as the attack was in-progress; therefore who knows, maybe it was something else at another point in time too?!
       
 (DIR) Post #APAbkHwEPXdfmgEb20 by sr3@masto.pt
       2022-11-01T10:57:16Z
       
       0 likes, 0 repeats
       
       @GIMP not too advanced of a threat. Mild AV evasion, not including other OS. Bc this could be used for a very fine grained attack, showing the ad only for region, OS, language, even age of user.
       
 (DIR) Post #APAbkIZE4YpZjcTjoO by GIMP@floss.social
       2022-11-01T14:34:28Z
       
       1 likes, 0 repeats
       
       @sr3 For us, even one person's data getting hijacked by such people is already too much. 😑 And using the visibility of our software to do this is making the thing quite personal and ugly as we like to share GIMP to help people.