Difference between revisions of "User:KJ7RRV/QMFbrick"

From PINE64
(Created page with "'''Trojan:Linux/QMFbrick''' is a family of malware targeting the PinePhone. Three variants are known: * QMFbrick.A: bundled with a Snake game in an Arch package * QMFbri...")
Line 12: Line 12:


KJ7RRV is currently working on reverse engineering QMFbrick and attempting to write a removal tool, initially focusing on the B variant.
KJ7RRV is currently working on reverse engineering QMFbrick and attempting to write a removal tool, initially focusing on the B variant.
It seems that running "sudo systemctl disable --now shadlow.timer" before 20:00 on a Wednesday (local time) will stop the A variant from doing any damage. This is not guaranteed, however, and it may or may not work with B and C.
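Review bot: the added sentence gives the "before 20:00 on a Wednesday (local time)" deadline without saying where that time comes from, so a reader cannot check it against their own device; state the basis for it next to the command. The sentence should also say that "systemctl disable --now shadlow.timer" only stops and disables the timer, so the trojaned package and its files remain installed and still need removing.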

Revision as of 05:39, 8 December 2021

Trojan:Linux/QMFbrick is a family of malware targeting the PinePhone.

Three variants are known:

  • QMFbrick.A: bundled with a Snake game in an Arch package
  • QMFbrick.B: bundled with wlsunset in an Arch package
  • QMFbrick.C: bundled with wlsunset in a Debian package

The trojans have been spread by anonymous download links in the Pine64 and DanctNIX chats.

The A variant was tested by Danct12 and is known to soft-brick the modem and wipe /.

KJ7RRV is currently working on reverse engineering QMFbrick and attempting to write a removal tool, initially focusing on the B variant.

It seems that running "sudo systemctl disable --now shadlow.timer" before 20:00 on a Wednesday (local time) will stop the A variant from doing any damage. This is not guaranteed, however, and it may or may not work with B and C.
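
One way to check for the timer before running the command above, as an added example that is not part of the original page or any removal tool: it reads the state of shadlow.timer and only runs the page's disable command when the unit is present and still on. The function names and the sample listing are constructed for illustration; only the unit name and the disable command come from the page.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
UNIT="shadlow.timer"   # unit name taken from the page

# Constructed sample of `systemctl list-unit-files --type=timer --no-legend`.
SAMPLE='fstrim.timer       disabled disabled
logrotate.timer    enabled  enabled
shadlow.timer      enabled  disabled'

# Read a list-unit-files listing on stdin; print the STATE column for $UNIT,
# or "absent" when the unit is not listed at all.
timer_state() {
    awk -v unit="$UNIT" '$1 == unit { print $2; found = 1 }
                         END { if (!found) print "absent" }'
}

# Decide what to do from the unit-file state ($1) and `is-active` result ($2).
# A disabled unit that is still active has been started by hand, so it still
# needs stopping.
advise() {
    if [ "$1" = "absent" ]; then
        echo "not-installed"
    elif [ "$2" != "active" ] && { [ "$1" = "disabled" ] || [ "$1" = "masked" ]; }; then
        echo "already-off"
    else
        echo "disable-now"
    fi
}

# Only touch the live system when asked to with --apply.
if [ "${1:-}" = "--apply" ]; then
    state=$(systemctl list-unit-files --type=timer --no-legend | timer_state)
    active=$(systemctl is-active "$UNIT" 2>/dev/null || true)
    action=$(advise "$state" "$active")
    echo "$UNIT: state=$state active=$active -> $action"
    if [ "$action" = "disable-now" ]; then
        sudo systemctl disable --now "$UNIT"   # command from the page
    fi
fi
```

Disabling the timer leaves the installed package in place, and the page only reports this as helping against the A variant.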