WARNING: Malware reported on unofficial Volumio images

Here you can find all important communications from Volumio's staff

Ads helps Volumio remain Free and Open Source. Please consider donating to help us continue to serve you.

WARNING: Malware reported on unofficial Volumio images

Postby michelangelo » Wed Oct 24 2018 14:08

IMPORTANT ANNOUNCEMENT

I got today a report from a Volumio community member raising my attention to the fact that he discovered some nasty behavior on an unofficial Volumio image. He is still investigating but it seems that this image it's likely to contain a crypto miner.

As I warned other times to not trust unofficial Volumio builds fearing this could have happened, now we have the first documented case.

For your information, the image is a Chinese build of Volumio tailored for a specific I2S DAC (not officially supported by Volumio).

So, once again: do not trust unofficial Volumio builds (even by third party sellers), as they might contain malware or other nasty stuff. Being Volumio open source we can't (and don't want to) stop people from building their images and therefore can't do much in blocking such things from happening.

So the only defense here is to make sure those images are not downloaded or spread.

If you want to download those images because they have support for some hardware not officially supported or they add some functionalities, remember that the above is not worth the risk of putting nasty malware into your network.
User avatar
michelangelo
Founder
 
Posts: 4145
Joined: Sun Dec 15 2013 23:18

Ads helps Volumio remain Free and Open Source. Please consider donating to help us continue to serve you.

Return to Staff comunications

Who is online

Users browsing this forum: No registered users and 2 guests