this post was submitted on 13 May 2026
63 points (100.0% liked)

RetroGaming

28719 readers
74 users here now

Vintage gaming community.

Rules:

  1. Be kind.
  2. No spam, AI slop, or soliciting for money.
  3. No racism or other bigotry allowed.
  4. Obviously nothing illegal.

If you see these please report them.

founded 2 years ago
MODERATORS
Xylinna@lemmy.world
Tenthrow@lemmy.world
gts@lemmy.world
63
If you use Emudeck to play Wii U games, you may have malware (lemmy.ml)
submitted 4 days ago by thingsiplay@lemmy.ml to c/retrogaming@lemmy.world
5 comments fedilink hide all child comments
 

cross-posted from: https://sopuli.xyz/post/45586653

From the Emudeck discord:

@everyone Hey everyone, apologies for the ping but since this is deemed as critical to the security of people's devices here, I will have to. Cemu (The Wii U emulator) was recently compromised by a malicious attacker using a known developers account, this compromise took place from May 6th to May 12th, and introduces malware that is known to steal passwords, SSH keys, GitHub tokens, and likely more they are not fully aware of at this moment. We recommend anybody who is on Linux or SteamOS to go into the EmuDeck app, Manage Emulators tab, Cemu, and click Reinstall/Update, and make sure the hash of the AppImage (Located in Home/Applications, right click Cemu AppImage, go into Properties, Checksums, and Calculate the SHA256 hash) matches the non-compromised version provided by the Cemu developers, if you have used Cemu from the dates I have mentioned, and the SHA256 hash does not match what is listed, assume your system may be compromised if it was ran. If you are on Windows, MacOS, or used the Flatpak version, you are not affected by this malware. More information regarding this attack can be found here. https://rentry.org/cemu-security-psa

The specifically affected packages were:

Cemu-2.6-x86_64.AppImage

cemu-2.6-ubuntu-22.04-x64.zip

top 5 comments
sorted by: hot top controversial new old
[–] nullpotential@lemmy.dbzer0.com 18 points 4 days ago (1 children)

More accurate to say if you have downloaded Cemu for Linux between 6-12 May and either unzipped it or run the appimage you are assumed to be infected.

https://rentry.org/cemu-security-psa

[–] thingsiplay@lemmy.ml 4 points 4 days ago* (last edited 4 days ago) (1 children)

From their messag:

There are currently no known reliable traces

Isn't a checksum of the files a reliable enough way to check? Edit: Ah yes, at the bottom of their message they do exactly that. If one executed the programs, then they are affected I assume:

If you are unsure whether your binaries are compromised here are hashes of the GOOD files:

Cemu-2.6-x86_64.AppImage 0c20c4aeb800bb13d9bab9474ef45a6f8fcde6402cad9b32ac2a1bbd03186313 (sha256)

cemu-2.6-ubuntu-22.04-x64.zip 5e4592d0dae394fa0614cb8c875eff3f81b23170b349511de318d9caf7215e1b (sha256)

[–] nullpotential@lemmy.dbzer0.com 8 points 4 days ago

I think they were saying there's no way to trace if the malware activated or what files it affected, but you can determine if you have the infected versions by the checksums yeah.

[–] db2@lemmy.world -3 points 4 days ago (1 children)

But people kept defending appimage saying it's safer and sandboxed and stuff. Think any will show up in replies to double down on that clearly wrong idea?

[–] thingsiplay@lemmy.ml 11 points 4 days ago

Oh no AppImage is not sandboxed, people didn't say that. You probably mean people say Flatpak is sandboxed. And the Flatpak version here is not affected. I personally use AppImages too, knowing its not sandboxed at all and aware of the dangers. AppImage is "just" like a self extracting Zip archive, but with some extra tricks. Flatpak on the other hand is sandboxed and limits the access to your system and files, depending on the configuration of the package.