{"id":245388,"date":"2026-05-13T10:54:00","date_gmt":"2026-05-13T14:54:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/13\/20000-linux-users-grabbed-a-malicious-cemu-build-that-steals-passwords-for-coding-and-cloud-credentials\/"},"modified":"2026-05-13T16:55:09","modified_gmt":"2026-05-13T20:55:09","slug":"20000-linux-users-grabbed-a-malicious-cemu-build-that-steals-passwords-for-coding-and-cloud-credentials","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/13\/20000-linux-users-grabbed-a-malicious-cemu-build-that-steals-passwords-for-coding-and-cloud-credentials\/","title":{"rendered":"20,000 Linux users grabbed a malicious Cemu build that steals passwords for coding and cloud credentials"},"content":{"rendered":"<p><a href=\"https:\/\/www.xda-developers.com\/20000-linux-users-grabbed-malicious-cemu-build-steals-passwords-coding-cloud-credentials\/\">20,000 Linux users grabbed a malicious Cemu build that steals passwords for coding and cloud credentials<\/a><\/p>\n<p><a href=\"https:\/\/www.xda-developers.com\/20000-linux-users-grabbed-malicious-cemu-build-steals-passwords-coding-cloud-credentials\/\">https:\/\/www.xda-developers.com\/20000-linux-users-grabbed-malicious-cemu-build-steals-passwords-coding-cloud-credentials\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-13 10:54:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.xda-developers.com\">www.xda-developers.com<\/a><\/p>\n<h3 class=\"title icon i-list\">Summary<\/h3>\n<ul>\n<li>\n                                        Cemu Linux builds on GitHub were compromised May 6-12th, 2026; nearly 20,000 downloads likely infected.\n                        <\/li>\n<li>\n                                        If infected, a clean OS install is advised; otherwise, delete binaries and reset passwords, tokens, and SSH keys.\n                        <\/li>\n<li>\n                                        People downloading Cemu via Flatpak were unaffected by the attack.\n                        <\/li>\n<\/ul>\n<p>Linux isn&#8217;t as virus-free as it used to be. Once heralded as pretty useless, Linux antivirus software is more valuable now than ever, as people discover exploits and attacks in the open-source world more often than we&#8217;d like.<\/p>\n<p>Such is the case with the Cemu emulator, which recently suffered a malicious attack that led to almost 20,000 Linux users downloading an infected file. And while the issue has since been remedied, people who downloaded a potentially infected file should take steps to protect themselves now.<\/p>\n<h2 id=\"20-000-people-downloaded-an-infected-linux-build-of-cemu\">\n                        20,000 people downloaded an infected Linux build of Cemu<br \/>\n               <\/h2>\n<h3 id=\"flatpak-users-are-not-affected-though\">\n            Flatpak users are not affected, though<br \/>\n    <\/h3>\n<p>The developers behind Cemu published a post detailing what&#8217;s going on. Between the 6th and 12th of May, 2026, the files &#8220;Cemu-2.6-x86_64.AppImage&#8221; and&#8230;<\/p>\n<p><a href=\"https:\/\/www.xda-developers.com\/20000-linux-users-grabbed-malicious-cemu-build-steals-passwords-coding-cloud-credentials\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>20,000 Linux users grabbed a malicious Cemu build that steals passwords for coding and cloud&#8230;<\/p>\n","protected":false},"author":1,"featured_media":245390,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/static0.xdaimages.com\/wordpress\/wp-content\/uploads\/wm\/2026\/05\/rog-ally-x-emudeck.jpg?w=1600&h=900&fit=crop","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71],"class_list":["post-245388","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245388"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=245388"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245388\/revisions"}],"predecessor-version":[{"id":245391,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/245388\/revisions\/245391"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/245390"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=245388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=245388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=245388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}