Bug 496358

Summary: plasma-workspace contains malware
Product: [I don't know] kde Reporter: etjakeoc
Component: generalAssignee: Unassigned bugs mailing-list <unassigned-bugs>
Status: RESOLVED NOT A BUG    
Severity: major CC: kdedev, nate
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description etjakeoc 2024-11-16 19:11:05 UTC 
SUMMARY
Randomly while using my PC, as the only linux user in my home, xembedsniproxy requested full remote control of my system.

STEPS TO REPRODUCE
1.  Just use your system normally.
2. 
3. 

OBSERVED RESULT
Malware attempted to hijack my system.

EXPECTED RESULT
Not to be hacked by my DE of choice.

SOFTWARE/OS VERSIONS
Whatever the latest plasma 6 package versions are on Arch linux.

ADDITIONAL INFORMATION
I had to spend 5 hours repairing my filesystem because I removed power from the machine the moment this scary message appeared on my machine. I have since removed the offending binary from my system, and relinked the systemd service to /dev/null.
Comment 1 Nate Graham 2024-11-19 19:06:29 UTC 
Not malware; just an unfortunate interaction of two components that weren't talking to each other in the past but now do, with results that unfortunately look scary but are actually benign. You can grant the access without worry. And this UI issue is fixed in Plasma 6.3.0.
Comment 2 etjakeoc 2024-11-19 19:13:39 UTC 
(In reply to Nate Graham from comment #1)
> Not malware; just an unfortunate interaction of two components that weren't
> talking to each other in the past but now do, with results that
> unfortunately look scary but are actually benign. You can grant the access
> without worry. And this UI issue is fixed in Plasma 6.3.0.

Good to know it wasn't intentional malware, but I still don't feel safe granting anyone else but myself full remote access over my PC, I will keep this binary purged of all my systems, but thank you for the information