Difference between revisions of "User:KJ7RRV/QMFbrick"

Revision as of 17:51, 9 December 2021

Trojan:Linux/QMFbrick (usually called QMFbrick; sometimes simply called "the PinePhone malware" or "the malware") is a family of malware targeting the PinePhone.

Three variants are known:

QMFbrick.A: bundled with a Snake game in an Arch package
QMFbrick.B: bundled with wlsunset in an Arch package
QMFbrick.C: bundled with wlsunset in a Debian package

The trojans have been spread by anonymous download links in the Pine64 and DanctNIX chats.

The A variant was tested by Danct12 and is known to use systemd to set a timer to soft-brick the modem and wipe / on the first Wednesday after installation at 20:00 local time.

KJ7RRV is currently working on reverse engineering QMFbrick and attempting to write a removal tool, initially focusing on the B variant.

It seems that running "sudo systemctl disable --now shadlow.timer" before 20:00 on a Wednesday (local time) will stop the A variant from doing any damage. This is not guaranteed, however, and it may or may not work with B and C.

It is not known if the malware has any effects if it is disabled before the activation time. Out of an abundance of caution, a phone that has been infected, even if the malware has been disabled, should not be considered trustworthy.

@@ Line 9: / Line 9: @@
 The trojans have been spread by anonymous download links in the Pine64 and DanctNIX chats.
-The A variant was tested by Danct12 is known to use systemd to set a timer to soft-brick the modem and wipe / on the next Wednesday at 20:00 local time.
+The A variant was tested by Danct12 and is known to use systemd to set a timer to soft-brick the modem and wipe / on the first Wednesday after installation at 20:00 local time.
 KJ7RRV is currently working on reverse engineering QMFbrick and attempting to write a removal tool, initially focusing on the B variant.

Difference between revisions of "User:KJ7RRV/QMFbrick"

Revision as of 17:51, 9 December 2021

Navigation menu

Search