July 13, 2021

Just got trojan infected by my own piece of software.

So I have a piece of software that me and my other dev have been building for the last 4 months.

Earlier today, he was working on fixing a few bugs that kept popping up. Our hopes were to launch this software as an SaaS product by September.

We have an updater module sewed into the starting function that checks as soon as the program opens whether or not changes have been made to the software on the server side of things. If it detects that changes have been made, it will go and update the software automatically to match that of the server version.

Well, earlier he had made some changes, added them to GitHub and updated the server accordingly. I go onto the software itself to conduct a UI test and the software goes ahead and starts updating. However, I instantly start getting notifications from Windows Defender telling me threats have been found. Clicking on it, I see two files of high severity labeled as trojan malware.

I instantly go to Malwarebytes and start running a scan while frantically moving my important files onto Google Drive before deleting them.

Ultimately, I’ve had about 47 detected malware files when a few weeks back I had zero. I ran the scan an additional 3 more times until I had 0 suspicious files and the rest have been placed into quarantine.

Typically, my OPSEC is on-point but I really wasn’t expecting my half-owned piece of software to suddenly launch an attack on me. I’m not sure whether my other dev was behind this but we’ve had a good working relationship for several months now, working 60 hour weeks together. I’m not sure why he’d suddenly turn around and purposely try to infect me as the only other user of this software.

Perhaps our AWS server got hacked into with someone embedding a bunch of malware into our code but that seems quite unlikely as well given we’ve kept it under lock quite heavily.

It seems that the attack has already occurred and even if it was stopped in its tracks ahead of time, my computer is likely compromised forever now.

Not sure what to do now. This happened within the last hour and I’ve yet to hear from the other dev.
