Is this actually a CVE?
The headline at least looks more like lOoK, sSh eXplOiTeRs uSe sSh cLiEnTs tO eXpLoIt sSh CVEs!!1!1elf11
TL;DR: Free Software being repackaged with malware in order to trick people who download from fake websites like Softonic and shit. No PuTTY exploit, no Win exploit, just pure user error.
Edit 2: The big exploit according to the Article is that now the malware dosent need OpenSSH since its integrated into win already by default. But again, any fake game website could have just promted the user to install that, since most users are that dumb and will just do what the website tells them anyway
Free software being repackaged with malware is nothing new and has been around for a long while. Headline feels very click bait-y.
This article seems to describe one of the things an attacker can do once they already have access to your device - a method for maintaining access that can evade detection. Did I miss the part where this article explains how a machine gets compromised in the first place, or does it just presume your machine is already somehow infected?
