Bad actors are abusing large, open-registration, low-moderation Mastodon instances in order to provide direction to the Vidar Stealer trojan horse, which steals passwords, credit card details, bitcoin wallets, etc.
If you run a large, open-registration, low-moderation instance, please consider changing at least one of those qualities.
@noelle In the end, all open-posting places can be used for something like that, and moderation doesn't necessarily help.
Relevant data could be embedded steganographically into legit-looking posts and extracted by trojan clients. But of course not needing to do this reduces the implementation complexity for the trojan devs.