[saagarjha]

The 0-day is in a popular software package. The GitHub repo apparently contains a backdoor ability to execute code from the attacker. If I had to guess, this would be the software update functionality here: https://github.com/dbgsymbol/getsymbol/blob/cb4bdedc1a85c308...

[r1ch]

That's just malware. There's no 0-day here.

[saagarjha]

That’s what Google is calling it, so I’m inclined to believe them.

[g___]

"In addition to targeting researchers with 0-day exploits, the threat actors also developed a standalone Windows tool that has the stated goal of 'download debugging symbols from Microsoft, Google, Mozilla and Citrix symbol servers for reverse engineers.'

The attackers used a 0-day but getsymbol is not one.

[saagarjha]

Yep, that’s what I said.

[edgyquant]

No it isn’t what you said at all. You said Google was calling malware a zero day and you believe them, but they aren’t doing this.

[saagarjha]

This is what I said:

> The 0-day is in a popular software package.

(I have no idea what this is.)

> The GitHub repo apparently contains a backdoor ability to execute code from the attacker.

(This is what Google says and I think it’s the autoupdater.)

Is this different than what you feel?