My fellow penguins,

I have been pwned. What started off as weeks of smiling everytime I heard a 7-10s soundbyte of Karma Factory’s “Where Is My Mind” has now devolved into hearing dashes and dots (Morse Code) and my all-time favorite, a South Park S13: Dead Celebrities soundbyte of Ike’s Dad saying, “Ike, we are sick of you talking about ghosts!”

It’s getting old now.

I feel like these sounds should be grepable in some log somewhere, but I’m a neophyte to this. I’ve done a clean (secure wipe >> reinstall) already, the sounds returned not even a day later.

Distro is Debian Bookworm. So how do I find these soundbytes? And how do I overcome this persistence? UFW is blocking inbound connection attempts everyday, but the attacker already established a foothold.

Thank you in advance. LOLseas

  • CaptainBasculin@lemmy.bascul.in
    1·
    22 hours ago

    from looking here, the thing that makes the most sense for me is pw-cli list-objects, could you try running pw-cli, then type list-objects and then play random sounds on an application? Could be anything, like a media player or web browser.

    When no command is given, pw-cli starts an interactive session with the default PipeWire instance pipewire-0.

    This would mean this should list any changes directly to the terminal, saving us from needing to log it externally

    It should report quite a lot of data considering it reports everything related to audio there, but it should let you know about any changes. If you can trace back from the sounds you made to the application you’ve run it from, it should work.

    • LOLseas@sh.itjust.worksOPEnglish
      1·
      21 hours ago

      Thanks, I ran the above watch command with ‘pw-cli list-objects’ and will report back upon the next occurence. It’s been quiet these past few hours. Thanks for helping a fellow penguin! Much appreciated, all of you.

      • LOLseas@sh.itjust.worksOPEnglish
        1·
        21 hours ago

        I couldn’t wait for the next soundbyte, so I checked the running sound-inputs.log and noticed a few entries for Chromium. I don’t use it, nor have I ever installed it on this system. Did a ‘which chromium-browser’ and got no hits. Yet it’s mentioned a few times in the log. Thoughts?

        Edit: typo

        • CaptainBasculin@lemmy.bascul.in
          2·
          19 hours ago

          Different applications can use Chromium as their base and might not be configured to return their application name to PipeWire, which in that case, Chromium returns its name.

          If you’re using a web app like Discord/Vesktop that’s likely it.