cross-posted from: https://sopuli.xyz/post/45586653
From the Emudeck discord:
@everyone Hey everyone, apologies for the ping but since this is deemed as critical to the security of people’s devices here, I will have to. Cemu (The Wii U emulator) was recently compromised by a malicious attacker using a known developers account, this compromise took place from May 6th to May 12th, and introduces malware that is known to steal passwords, SSH keys, GitHub tokens, and likely more they are not fully aware of at this moment. We recommend anybody who is on Linux or SteamOS to go into the EmuDeck app, Manage Emulators tab, Cemu, and click Reinstall/Update, and make sure the hash of the AppImage (Located in Home/Applications, right click Cemu AppImage, go into Properties, Checksums, and Calculate the SHA256 hash) matches the non-compromised version provided by the Cemu developers, if you have used Cemu from the dates I have mentioned, and the SHA256 hash does not match what is listed, assume your system may be compromised if it was ran. If you are on Windows, MacOS, or used the Flatpak version, you are not affected by this malware. More information regarding this attack can be found here. https://rentry.org/cemu-security-psa
The specifically affected packages were:
Cemu-2.6-x86_64.AppImage
cemu-2.6-ubuntu-22.04-x64.zip
So it’s Cemu on Linux and Steamos, not anything to do with Emudeck.
I am not sure how Emudeck downloads Cemu though. I only found instructions on downgrading Cemu for Emudeck that you should download directly from Github and delete the Cemu file in the Emudeck folders.
Which might mean that Emudeck is setup to download directly from Github, not using Flathub. That would then result in a user receiving the malware if they had updated via Emudeck during this time.