Fuck me🫠
#ArsTechnica used in #malware campaign with never-before-seen obfuscation, 20240130,
by Dan G,
https://arstechnica.com/security/2024/01/ars-technica-used-in-malware-campaign-with-never-before-seen-obfuscation/
『A benign image of a pizza was uploaded to a third-party website and was then linked with a URL pasted into the “about” page of a registered Ars user. Buried in that URL was a string of characters that appeared to be random—but were actually a payload [...] Devices already infected with the first-stage malware used in the campaign automatically retrieved these strings and installed the second stage
...
Mandiant researchers said there were no consequences for people who may have viewed the image, either as displayed on the Ars page or on the website that hosted it. It’s also not clear that any Ars users visited the about page.』