Popular emulator Cemu was recently compromised with malware in Linux downloads
Publish Date: 2026-05-13 03:53:00
Source Domain: www.gamingonlinux.com
Unfortunately, the popular Nintendo Wii U emulator Cemu was recently attacked, and certain Linux builds were serving up malware.
A ticket was opened on the GitHub page on May 12, with the reporter noting that a user had re-uploaded certain v2.6 builds with the originals wiped. It only affected the 64-bit Ubuntu 22.04 build and the Linux AppImage, but not the Flatpak. Windows and macOS builds were unaffected.
The developers have already removed the offending versions of the emulator, so you're safe to download it now.
Turns out, the user account responsible belongs to a long-term co-author of Cemu who had a WSL (Windows Subsystem for Linux) system compromised. How exactly? One of the developers said:
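For maintainers who want to spot this kind of silent asset swap on their own releases, here is an added example (not from the Cemu project or the original article) that audits a release record shaped like the GitHub REST API's release object. It assumes a replaced file shows up as a new asset with a later created_at; the sample release, file names and account names are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample, shaped like a GitHub REST API release object.
SAMPLE_RELEASE = json.loads("""
{
  "tag_name": "v0.0-example",
  "published_at": "2026-01-10T12:00:00Z",
  "author": {"login": "maintainer-a"},
  "assets": [
    {"name": "example-windows-x64.zip", "created_at": "2026-01-10T11:58:12Z",
     "uploader": {"login": "maintainer-a"}},
    {"name": "example-macos.dmg", "created_at": "2026-01-10T11:59:40Z",
     "uploader": {"login": "maintainer-a"}},
    {"name": "example-ubuntu-22.04-x64.zip", "created_at": "2026-04-02T03:14:07Z",
     "uploader": {"login": "maintainer-b"}},
    {"name": "example-x86_64.AppImage", "created_at": "2026-04-02T03:15:31Z",
     "uploader": {"login": "maintainer-b"}}
  ]
}
""")


def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps used in release JSON."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def late_assets(release, grace=timedelta(hours=6)):
    """Return (asset name, reasons) for assets that deserve a manual review.

    Signals, not proof: an asset created well after the release was
    published, or uploaded by an account other than the release author.
    CI bots and late platform builds trigger these legitimately.
    """
    published = parse_ts(release["published_at"])
    author = release["author"]["login"]
    findings = []
    for asset in release["assets"]:
        reasons = []
        delay = parse_ts(asset["created_at"]) - published
        if delay > grace:
            reasons.append(f"uploaded {delay} after publication")
        uploader = asset["uploader"]["login"]
        if uploader != author:
            reasons.append(f"uploader {uploader} is not release author {author}")
        if reasons:
            findings.append((asset["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in late_assets(SAMPLE_RELEASE):
        print(name, "->", "; ".join(reasons))
```

Any flagged asset should be compared against a checksum recorded at build time before it is trusted.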
From preliminary analysis it seems that mostly it is trying to spread itself rather than cause direct damage, it does that by stealing SSH keys, github tokens and a lot of other passwords or keys that they can then use to infect more packages or software releases. This is likely also how we got affected. The other Cemu author (MangleSpec/Petergov) ran software in WSL which was compromised through which they got hold of his github token. At least that is our leading theory.
Curiously, the malware was designed to steal passwords and security keys, but not just that: it had a special payload that, if it detected you're in Israel, would attempt to play a loud siren and wipe your filesystem. Ouch.
You can see more information in their PSA post.
In other security news we recently had the big Dirty Frag and Copy Fail vulnerabilities to deal with too.