Is cc65 infected by a trojan?

desertfish · Post by **desertfish** » Fri Dec 02, 2022 2:00 pm

I don't trust Sourceforge.

In the past they have been altering installer packages themselves from the projects they hosted, to include bloatware or adware. I don't think they do that anymore nowadays but still.

Also it could be that the person mentioned by Stephen , that is doing the uploads onto SF, has their pc compromised and infects the software in the transfer. Who knows. Best to get stuff directly from the source.

neutrino · Post by **neutrino** » Fri Dec 02, 2022 2:39 pm

A reason to not use Github.com is that they are owned by Microsoft since 2018 which have eagerly used underhanded tactics since its creation in 1975 with Embrace-extend-extinguish, consistent bad code quality and was the first company to participate in the government surveillance programs etc. Sourceforge has changed ownership the last time in 2019 to Slashdot media, which doesn't seem to be owned by other giant corporations or institutional investors in turn.

As for compilers they can harbor a quite insidious method of compromise discovered in 1974 and with code published in 1984:

https://en.wikipedia.org/wiki/Backdoor_(computing)#Compiler_backdoors

"A sophisticated form of black box backdoor is a compiler backdoor, where not only is a compiler subverted (to insert a backdoor in some other program, such as a login program), but it is further modified to detect when it is compiling itself and then inserts both the backdoor insertion code (targeting the other program) and the code-modifying self-compilation, like the mechanism through which retroviruses infect their host. This can be done by modifying the source code, and the resulting compromised compiler (object code) can compile the original (unmodified) source code and insert itself: the exploit has been boot-strapped."

Though this is likely just a computer virus or falsely flagged as such.