monero miner after installing certbot about certbot HOT 3 OPEN

Hmm. Our snap repos being compromised seems unlikely. The snaps being served from our repositories are the ones we uploaded during our last release a month ago and this has not changed since then according to the metrics offered to us by the snapcraft website.

It's possible that something else in the chain has been compromised (e.g. Ubuntu's snapd or core snaps, our GitHub repo, one of our Python dependencies included in the snaps, etc.), but I'd then expect to see similar reports of this which I have not. We have hundreds of thousands of people using the certbot snap, tens of thousands using the certbot-dns-route53 snap, and so far you're the only one who has reported this. I also tried to reproduce this on a fresh Ubuntu 20.04 VPS without success.

Because of all this, I unfortunately expect the compromise is elsewhere. Your VPS provider/image? SSH key/password guessed or leaked?

I'll leave this open to see if you or anyone else can provide us with more info pointing to a potential source of the problem, but as of right now, I think everything looks OK on our end.

from certbot.

Thanks, good to know u guys have taked a look on this, we feeled morally obligated to ask about, just in case.

We have uninstalled all snap related software and -of course- stopped the miner. Until now, we have not detected any new suspicious logs or activity on the server. Will let u know if something new happens (than can validate or discard a snap repo related problem).

from certbot.

I also encountered a similar problem to you. I installed certbot about last week, and then on December 25th I found that all the files on my server were encrypted and I needed to pay to decrypt them. It had been a long time before that. I have not installed any other software, and have not even logged into the server.

from certbot.