Yeah it's strange. My sites that are proxied through Cloudflare remained up, but Supabase was taken offline so some backends were down. Either a regional PoP style issue, or a specific API or service had to be used to be affected.
Most likely load arbitrary binary code and execute it. Which also makes it really hard to figure out what it actually did.
Among the options of what could be pushed:
- proxyware, turning your network into a residential proxy that can then be sold to anyone willing to pay for them to commit crimes, send spam, scrape, ... with your IP [I believe this is the primary suspect here]
- other standard botnet crap like DDoS bots
- exploits that try to break out of the sandbox to establish persistence, steal other data, or steal your Google account token
- code that steals all data/tokens that the app itself has access to
- adware that shows ad notifications etc.
- ransomware that tries to prevent you from leaving the app (of course this works best if they get a sandbox escape first, but I'm sure you can get pretty close with just aggressive creative use of existing APIs)

    {
      "code": 400,
      "errors": [
        {
          "domain": "global",
          "message": "Job exceeded rate limits: Your project_and_region exceeded quota for creating jobs. For more information, see https://cloud.google.com/bigquery/docs/troubleshoot-quotas",
          "reason": "jobRateLimitExceeded"
        }
      ],
      "message": "Job exceeded rate limits: Your project_and_region exceeded quota for creating jobs. For more information, see https://cloud.google.com/bigquery/docs/troubleshoot-quotas",
      "status": "INVALID_ARGUMENT"
    }

Did Supabase hit their Google Cloud quota?
EDIT: Appears to be back online now. Somebody paid the bill?
This took one of the three hours; it seems to have taken from 11:28 to 13:37 to recognize that the configuration file panic was the cause of the issue.