Possible Phishing Attack This Morning

brent

related? on xfce my firefox launches on boot. I haven't set this or added this in xfce autostart. and I can't find a firefox setting for this. it's driving me crazy. I may remove my own xfce firefox and reinstall.

appreciate your PSA.

Solarmass

I don't think removing Firefox was necessary, was Firefox (and system) up-to-date?

WetGeek

Solarmass I don't think removing Firefox was necessary,

Since I don't use Firefox, it was an easy decision, whether necessary or not. Things didn't start to go bad until I clicked on a normal-looking link to an article in a email from a news source I work with every morning. I don't have any idea where the exploit came from, or at what point it entered my system. Need I say, this all happened very fast?

It's possible that the email was compromised before it got to me, but I consider that unlikely. It's possible that recent updates of Thunderbird or Firefox were infected - something I consider HIGHLY unlikely. But since I don't know how my system got infected, I just know that it DID, somehow.

If I'd known to be more careful than usual when I clicked the link in the email that launched the browser, I might have avoided all this. That's why I posted this message. By knowing what happened to me, someone else might be able to figure out what happened before it happens to them. I wish I had more clues to offer.

BTO

WetGeek
after deinstallation firefox:
did you also manually delete the /.mozilla-directories in your home-directory and in /.cache ?
because these remain even after deinstallation.
so just in case - to be sure - you can delete them.

right now i am also thinking about the question how i could check if my machines might have some malware on the Master Boot Record, or whereever. but i have no idea how i could manage that...

Axios

WetGeek Along those lines I got two file managers I have one program dont remb
what it is at moment but it launches the alternate file manager everything else uses the default.
Not sure why that is never really looked into it.
So for some reason it happens.

Solarmass

If you think that the system is affected somehow, maybe just reinstall it to be sure 🤷

WetGeek

Solarmass maybe just reinstall it to be sure

I just finished doing that. Mostly configured now. I'm writing this post using it.

BuzzPCSOS

It would be good measure to change passwords on your email accounts too. Typically a good move to make after any unwanted activity.

brent

this is the rare instance I would install CLamAv from flatpak and run it. There will be a ton of false positives.
Of 1000 warnings I got. Libre office suite threw about 990 of them (normal I'm told), and the other 10 were PUP's...

be interesting to see what they flag.

This disgusting behavior you had to tolerate....I haven't see that since Windows days.

WetGeek

brent I would install CLamAv from flatpak and run it

Oh ... too late. I already nuked it and reinstalled. Mostly finished with that now.

brent

WetGeek nice. I would've burned it to the ground to be sure, too. Now you gotta spend a day getting the XFCE where you had it but at least you don't have to worry.

WetGeek

brent Now you gotta spend a day getting the XFCE where you had

Not quite that long, thankfully. It's done now.