Moved here from a post in the HCL category.
i’m not sure… but what i know is that they usually use python scripts, along with some file manipulation on /home/user/ director, for example, ~/.config , ~/gnupg, or etc.
by the way, i’m trying to download 4.3 alpha testing for trying further security measures implemented on qubes 4.3. however, i saw the ‘Qubes OS Weekly Builds Signing Key’ has been self-signatured, not signed by master signing key. is this legit?
i found that this is due to the build process of the Qubes 4.3 alpha ISO! sorry for the initial question. but i’m not sure why last time i had failed to verify with .DIGEST file…
i sent an email attaching the (very suspicious - containing vm name which i didn’t modified) file which exists folders which are seemed to be manipulated. sorry for not to encrypting the email, i didn’t know sufficient knowledge to manage to do that… but i can assure that my email address is qubes + , so that would be the case. make sure open the file in disposable.