OneinStack official website installation package was implanted with Trojan horse

On the evening of April 24, a netizen discovered that the installation package downloaded from the OneinStack official website was implanted with a Trojan horse. Line 137 of the /include/openssl.sh file in the installation package A Trojan horse has been inserted. The main manifestation is that during installation, a picture containing a compressed Trojan horse program will be downloaded from the counterfeit official website domain name WGET. After downloading, the linux@QWE backdoor file will be decompressed and executed, and finally the system will be controlled.

Specific issues address: https://github.com/oneinstack/ oneinstack/issues/487

As of May 3, the author has repaired and cleaned up the implanted Trojan.

The Trojan location: oneinstack/include/openssl.sh 137 line cnoneinstack.com is an unofficial domain name Trojan file MD5 value: oneinstack-full.tar.gz md5 | fc897d5abba2dbff00fb6b88da878ba8 Scope of impact: 2023-04-24 (actually unknown) ~ 2023-05-03 and the system is RedHat/CentOS series

The counterfeit domain name was registered on 2023-02-28. It cannot be ruled out that the official installation package was poisoned as early as February.

Sangfor Security Lab Report: https://www.secpulse. com/archives/200488.html

Recommended site search: ip proxy server, dynamic ip server, Hong Kong vps, dual-line server, domain name registration fee, mainland China space, cloud host rental, Guangdong hosting, Japanese server rental Japanese server, domain name registration,