• @stown@lemmy.world
    link
    fedilink
    English
    331 year ago

    I’ll answer because I found the information. It appears that the attacker would need to rely on physical access to the machine OR another exploit that lets them access the computer remotely.

    • @d3Xt3r@lemmy.nz
      link
      fedilink
      English
      6
      edit-2
      1 year ago

      Or they could just get you to execute the command without your knowledge (eg: all the people who just blindly copy-paste commands, or pipe scripts from the net into sudo). Or it could be a compromised github account/repo (supply-chain attack). Or even the ol’ techsupport scam where they get gullible users to install stuff…