now I’m hearing that the hack is being spread through direct messages as well.
as this seems to be a javascript hack, all admins logged on through any web ui (even the official one) are advised to not open dm’s from unknown users.
as mobile apps differ from browsers, and shouldn’t execute javascript directly, they should be less affected, but please take caution anyway for the time being.
edit: it seems lemmy.blahaj.zone has been hacked too. the malicious javascript has been detected in custom emojis and community description sidebars, so admins must watch out for new users who signup and immediately start posting custom emojis or opening new communities.
I think it is better to not open it at all (at least in the web browser, mobile apps seem to be okay, but nothing is really certain atm), as the malicious javascript seem to be connected to custom emojis and community descriptions in the sidebar (see my latest edit), so no clicking required.
now I’m hearing that the hack is being spread through direct messages as well.
as this seems to be a javascript hack, all admins logged on through any web ui (even the official one) are advised to not open dm’s from unknown users.
as mobile apps differ from browsers, and shouldn’t execute javascript directly, they should be less affected, but please take caution anyway for the time being.
edit: it seems lemmy.blahaj.zone has been hacked too. the malicious javascript has been detected in custom emojis and community description sidebars, so admins must watch out for new users who signup and immediately start posting custom emojis or opening new communities.
Merely open the dm? Or do we have to click the link for it to happen?
I think it is better to not open it at all (at least in the web browser, mobile apps seem to be okay, but nothing is really certain atm), as the malicious javascript seem to be connected to custom emojis and community descriptions in the sidebar (see my latest edit), so no clicking required.
Alright, got it. Thanks!
damn, i feel like we can check off one success criteria: suddenly so attractive for hacks.