Dom0 spamming screenshots on startup

Laptop: Lenovo Thinkpad t440p
OS version: 4.1

Recently replaced the keyboard on my t440p.
Keyboard works, but now whenever I boot up (after logging in), about 50 screenshot notifications pop up.
Specifically, I am getting the screenshot pop-up associated with the xfce4-screenshooter program in dom0. This xfce4-screenshooter pop-up is DIFFERENT than the pop-up I get when I press PrtSc.

Tried re-installing the old keyboard and I still get the 50 screenshot pop-ups.
Something obviously broke. Where do I look in dom0 for clues, and does anyone have any tips on how to solve this issue?

Appreciate any help,
K

First, is your keyboard layout and region accurate?

What is the difference between the two notifications? Can you post the text?

Are actual screenshots made (~/Pictures)?

Please review your ~/.config/autostart directory … what’s in there?

1 Like

It might also be worth checking the “Application Autostart” tab in “Session and Startup”:

xfce4-session-settings
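
The autostart check suggested in the replies above, as an added example that is not part of the original posts: it lists every enabled XDG autostart entry with its Exec command and counts entries that launch a given program. The function names and the system-wide `/etc/xdg/autostart` directory are assumptions; the thread itself only names `~/.config/autostart`.

```shell
#!/bin/sh
# Added example (not from the thread): audit XDG autostart entries in dom0.

# Print "path<TAB>Exec command" for every enabled .desktop entry in the given dirs.
list_autostart() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.desktop; do
            [ -f "$f" ] || continue
            # Hidden=true marks an entry as disabled, so skip it.
            if grep -qi '^Hidden[[:space:]]*=[[:space:]]*true' "$f"; then
                continue
            fi
            exec_line=$(sed -n 's/^Exec[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)
            if [ -n "$exec_line" ]; then
                printf '%s\t%s\n' "$f" "$exec_line"
            fi
        done
    done
    return 0
}

# Count enabled entries whose Exec line matches a pattern.
# grep -c exits non-zero on zero matches but still prints 0, hence "|| true".
count_autostart_matches() {
    pattern=$1
    shift
    list_autostart "$@" | cut -f2 | grep -c -- "$pattern" || true
}

# Per-user entries first, then the system-wide directory (assumed location).
list_autostart "$HOME/.config/autostart" /etc/xdg/autostart
echo "entries launching xfce4-screenshooter:" \
    "$(count_autostart_matches xfce4-screenshooter "$HOME/.config/autostart" /etc/xdg/autostart)"
```

A count of zero here points away from autostart and toward something else launching the program, such as a keyboard shortcut or a stuck key.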

After looking through the logs, I found that the program “xfce4-screensho” was being executed around 50 times right at bootup - I think even before dom0 started.

I ran the following command: “pkill xfce4-screensho”
and now the problem is resolved - even after I reboot my machine I no longer get any weird pop-ups. I have no idea how that solved the problem since I don’t think pkill can cause any permanent system changes. lmao.

1 Like

I know other operating systems have been hit with the “screenshotter” spyware, be it Windows, Mac, Linux, or even OpenBSD.

Do you think someone figured out a way to deploy that spyware onto Xen Operating Systems and even Qubes? It sounds like as of these last forum posted timestamps that such didn’t compromise many layers and maybe that’s why the Threat Actor’s focus was to break through a weakness at login in an attempt to screenshot their way into capturing the login names and passwords (as they haven’t yet cracked a way through Dom0 with their malicious deploys). This is my best guess if this screenshot issue was at all connected to that type of spyware.

Sorry for re-opening a solved thread, but this made me curious as to if you can confirm if the cause and origin was spyware related or not.