by
stevelacy
1409 days ago
Many of the repos I found were clones of valid projects with the same names under new orgs and new users. For instance, this project is valid:
https://github.com/scala-network/GUI-miner
and its infected clone:
https://github.com/stellitecoin/gui-miner
GPG signed commits by the legitimate users do not contain the malware.
laserlight
1409 days ago
Considering that only clones are affected, your original tweet is downright wrong. None of the listed projects (python, js, bash, docker, k8s) are affected. Anybody can fork a repository to introduce malware.
eurasiantiger
1409 days ago
js is a project?
laserlight
1409 days ago
You're right. It's not. I just copy-pasted the list from the tweet. I assume that the author meant to write jq.