I got today a report from a Volumio community member raising my attention to the fact that he discovered some nasty behavior on an unofficial Volumio image. He is still investigating but it seems that this image it's likely to contain a crypto miner.
As I warned other times to not trust unofficial Volumio builds fearing this could have happened, now we have the first documented case.
For your information, the image is a Chinese build of Volumio tailored for a specific I2S DAC (not officially supported by Volumio).
So, once again: do not trust unofficial Volumio builds (even by third party sellers), as they might contain malware or other nasty stuff. Being Volumio open source we can't (and don't want to) stop people from building their images and therefore can't do much in blocking such things from happening.
So the only defense here is to make sure those images are not downloaded or spread.
If you want to download those images because they have support for some hardware not officially supported or they add some functionalities, remember that the above is not worth the risk of putting nasty malware into your network.