FOSS project attacks on Github, malware injected in forks ransomware Linux machines
FOSS project attacks on Github, malware injected in forks ransomware Linux machines
While adding support for jqfmt to my markdown code block formatter (mdsf, mdsf#700), I came across something weird.
Apparently there's a bunch of projects getting hit with this, fairly obscure ones though. Project gets forked, suddenly get a pile of stars more than the original, and then there's a curl-bash pipe inserted into it that runs some ransomeware that encrypts ~/Documents.
About a dozen other projects linked in here from another developer (excuse the Reddit link): https://old.reddit.com/r/golang/comments/1jbzuot/someone_copied_our_github_project_made_it_look/
You're viewing a single thread.
lol, just checked. ~/Documents doesn't even exist on my machine.
Average arch user
oh oh, I'm a below average arch user. I suspect i copied most of my hoome from debian or something.
I'll rename it to Dickuments as a security feature.
spoiler
alk;sdgkl;sduffjdsl;sf;jlk
Me neither, I nuke the default freedesktop folders on an install because they clutter up my home folder. But I'd imagine we're the exception.