A great example is PyTorch, which just recently had a supply chain attack: installing the nightly version between December 25th and December 30th, 2022, would result in your home directory getting uploaded, including ssh keys.
Chrome also just had a 0-day in 2022: CVE-2022-3075
Pytorch supply chain attack via Triton 2022/2023 - https://www.bleepingcomputer.com/news/security/pytorch-discl...
EDIT: Also there's a misconception that Linux somehow doesn't get viruses; however, the PyTorch attack affected Linux users. Making a virus for Windows gives you far more targets than Linux, which is why they're far more common.
On the other side, you install very invasive AV software, which runs as a privileged user and intercepts everything that's happening on your system. They even make a great target for malware by themselves. Just recently ClamAV had a bug in its file scanner, which led to an RCE: CVE-2023-20032
And they're almost exclusively used in targeted attacks against valuable targets, because burning a 0-day to hack grandma's old laptop and steal her facebook password isn't a particularly good investment.
README.md : "to get this to work, curl or wget the following script and run it as sudo"
Linux users: Aye
Installing software to the system should be handled by a package manager, but if you must install something like this, just throw it in a tmpfile and inspect the script before running it.
I know the response to this will be "but the things the script downloads and installs could be malicious", and while this is true, so long as the sources in the install script are fine, I consider this to be a separate issue (but still a big issue).
The issue of trusting source code or binaries is a thing but it doesn't justify copy pasta'ing random scripts in the shell.
Another thing to take note of: in the past there have been bugs in terminal emulators that allowed pasting certain characters that made the text look completely different from what it actually was, so pasting "ls $HOME" could have actually been "rm -rf ~/", for example.
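The "save it to a tempfile and inspect it" advice above, as an added example that is not part of any comment in this thread: a POSIX shell check that flags the kind of look-alike characters mentioned in the comment just above before a human reads the script. The installer text, the function names and the sample bytes are constructed for the demo; in real use the printf in save_to_tempfile would be a curl or wget download.

```shell
#!/bin/sh
# Added example, not from the thread: save an installer to a tempfile and count the
# lines carrying bytes that can make a script read differently from what it does
# (UTF-8 bidi overrides, zero-width characters, raw escape sequences).
# The installer text is constructed here instead of fetched, so the demo runs offline.

# Count lines containing anything outside printable ASCII and ordinary whitespace.
# Run in the C locale so every multibyte UTF-8 sequence and every ESC byte counts.
count_suspicious_lines() {
    LC_ALL=C grep -c '[^[:print:][:space:]]' "$1" || true
}

# Save installer text to a private temp file and print the path. Nothing is executed.
# Real use: curl -fsSL "$URL" -o "$tmp" instead of the printf below.
save_to_tempfile() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    printf '%s\n' "$tmp"
}

# Verdict for a downloaded script: "clean" when it is plain ASCII, or
# "suspicious N" with the number of lines that need byte-level inspection first.
review_installer() {
    f=$(save_to_tempfile "$1") || return 1
    n=$(count_suspicious_lines "$f")
    rm -f "$f"
    if [ "$n" -eq 0 ]; then echo clean; else echo "suspicious $n"; fi
}

# Constructed samples. The second one hides a U+202E (right-to-left override,
# UTF-8 bytes E2 80 AE) in the last line, so a terminal may render that line
# differently from the bytes the shell would actually execute.
SAMPLE_CLEAN='#!/bin/sh
echo "installing"
ls "$HOME"'
SAMPLE_TRICKY=$(printf '#!/bin/sh\necho "installing"\nls \342\200\256"$HOME"')

review_installer "$SAMPLE_CLEAN"    # clean
review_installer "$SAMPLE_TRICKY"   # suspicious 1
```

A non-zero count is a reason to open the file in a hex viewer before deciding anything, not proof of malice; a clean result only means the bytes match what the terminal shows.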
Do you think Defender would have helped with that? I'm highly doubtful.
What probably would have is if MS's implementation of protected folders, or whatever it's called, hadn't been completely brain-dead.
> EDIT: Also there's a misconception that Linux somehow doesn't get viruses; however, the PyTorch attack affected Linux users. Making a virus for Windows gives you far more targets than Linux, which is why they're far more common.
That's correct. But at least on Linux, if you're so inclined, you can spend a couple of hours setting up some AppArmor or SELinux profiles to prevent random crap from accessing ~/.ssh and ~/top-secret.
This is what makes it so doable since you don't need any privilege escalation.
The reason why this is a big deal for a lot of people is your ssh keys will give you access to your git repos and other servers unless you have them password protected or use gpg/sk ssh keys which I think a lot of people don't do.
And of course if you can see the known hosts file/bash_history you'll likely have access to more servers to propagate to.
Also, things like your browser cache are stored there.
This is why I store keys on a hardware key that requires me to touch it when used and manually start ssh-agent when doing a lot of `git push`.