this post was submitted on 13 May 2026
136 points (100.0% liked)

Steam Hardware

22063 readers
463 users here now

A place to discuss and support all Steam Hardware, including Steam Deck, Steam Machine, Steam Frame, and SteamOS in general.

As Lemmy doesn't have flairs yet, you can use these prefixes to indicate what type of post you have made, eg:
[Flair] My post title

The following is a list of suggested flairs:
[Deck] - Steam Deck related.
[Controller] - Steam Controller related.
[Machine] - Steam Machine related.
[Frame] - Steam Frame related.
[Discussion] - General discussion.
[Help] - A request for help or support.
[News] - News about the deck.
[PSA] - Sharing important information.
[Game] - News / info about a game on the deck.
[Update] - An update to a previous post.
[Meta] - Discussion about this community.

If your post is only relevant to one hardware device (Deck/Machine/Frame/etc) please specify which one as part of the title or by using a device flair.

These are not enforced, but they are encouraged.

Rules:

Link to our Matrix Space

founded 4 years ago
MODERATORS
Moxvallix@sopuli.xyz
Fubarberry@sopuli.xyz
136
If you use Emudeck to play Wii U games, you may have malware (sopuli.xyz)
submitted 2 days ago* (last edited 2 days ago) by Fubarberry@sopuli.xyz to c/steamdeck@sopuli.xyz
30 comments fedilink hide all child comments
 

From the Emudeck discord:

@everyone Hey everyone, apologies for the ping but since this is deemed as critical to the security of people's devices here, I will have to. Cemu (The Wii U emulator) was recently compromised by a malicious attacker using a known developers account, this compromise took place from May 6th to May 12th, and introduces malware that is known to steal passwords, SSH keys, GitHub tokens, and likely more they are not fully aware of at this moment. We recommend anybody who is on Linux or SteamOS to go into the EmuDeck app, Manage Emulators tab, Cemu, and click Reinstall/Update, and make sure the hash of the AppImage (Located in Home/Applications, right click Cemu AppImage, go into Properties, Checksums, and Calculate the SHA256 hash) matches the non-compromised version provided by the Cemu developers, if you have used Cemu from the dates I have mentioned, and the SHA256 hash does not match what is listed, assume your system may be compromised if it was ran. If you are on Windows, MacOS, or used the Flatpak version, you are not affected by this malware. More information regarding this attack can be found here. https://rentry.org/cemu-security-psa

The specifically affected packages were:

Cemu-2.6-x86_64.AppImage

cemu-2.6-ubuntu-22.04-x64.zip

you are viewing a single comment's thread
view the rest of the comments
[–] Fubarberry@sopuli.xyz 69 points 2 days ago (8 children)

Also I thought this part was interesting:

Special note for Israeli users: If the malware determines that your location is Israel (it does this via locale and timezone checks) then it has a 1:6 chance that it will play a loud siren sound and run rm -rf /, essentially attempting to wipe your filesystem.

[–] SarahValentine@lemmy.blahaj.zone 64 points 2 days ago

From the river to the C:/

[–] SamueruSama@programming.dev 43 points 2 days ago* (last edited 2 days ago) (1 children)

It turns out the malware doesn't work because it runs subprocess.run(["rm", "-rf", "/*"])

That will never delete anything, since there is no shell to expand the glob in /* here, so rm gets a literal /* as the path to delete 😭

[–] SpaceNoodle@lemmy.world 40 points 2 days ago (2 children)

This is why you test your code, people

[–] Katana314@lemmy.world 3 points 1 day ago (1 children)

Which leads to the interesting question: How do the authors of infectious, destructive viruses test their code?

[–] SpaceNoodle@lemmy.world 4 points 1 day ago

I'd set up an air-gapped test network. Could possibly set up some virtual hosts to emulate part of it, but I'd keep the whole setup isolated as a failsafe.

[–] elvith@feddit.org 2 points 1 day ago

Whew, thankfully it didn’t work on my machine!

[–] youcantreadthis@quokk.au 18 points 1 day ago

That's prettyfuvking based

[–] cheat700000007@lemmy.world 11 points 2 days ago (1 children)

That's kind of awesome

[–] youcantreadthis@quokk.au 5 points 1 day ago

I think I'm on team malware now

[–] mnemonicmonkeys@sh.itjust.works 6 points 2 days ago (2 children)

Maybe now they'll figure out that they need to vote Netanyahu out of office for being a genocidal piece of shit

[–] nfreak@lemmy.ml 9 points 1 day ago

tbf the vast majority of that country support him and everything he stands for, so getting rid of one fascist won't change much

[–] youcantreadthis@quokk.au 2 points 1 day ago

Right they need a properly omnicidal megalomanic no mere genocide

[–] tanisnikana@lemmy.world 5 points 2 days ago (1 children)

That’s not malware.

That’s amazing.

[–] Fubarberry@sopuli.xyz 10 points 2 days ago (2 children)

It also trys to steal passwords/keys/etc, the Russian roulette part is just extra for people in Israel.

[–] Grimy@lemmy.world 8 points 2 days ago (1 children)

Is this considered Chaotic Good or Lawful Evil?

[–] youcantreadthis@quokk.au 2 points 1 day ago (1 children)

Definitely not evil

[–] nfreak@lemmy.ml 3 points 1 day ago

Eh the password stealing shit definitely is but the special conditions for "israel" are hilarious (even if their code is borked and doesn't actually work)

[–] tanisnikana@lemmy.world 2 points 2 days ago

That’s fair. I hope Israel gets what’s coming to them.

[–] thingsiplay@lemmy.ml 3 points 2 days ago (1 children)

Unless the option --no-preserve-root is given, it should not execute.

[–] elvith@feddit.org 6 points 1 day ago

Fun fact:

rm -rf / requires —no-preserve-root to work whereas rm -rf /* doesn’t.

That’s because the /* gets expanded by the shell before the command runs and it only sees the request to delete /var, /dev, /home, /usr,… recursively but not / specifically.

On another note: This line in the code doesn’t run through a shell and thus this won’t work and it just tries to delete the literal path of /* recursively - and thus fails to do any damage…