[raincole]

> steal passwords of AI developers

What does this even mean?

The malware specifically steals passwords from developers who use AI? From those who develop AI tool? Or it steals API tokens, which serve a similar function as passwords do for humans?

Is this what journalism looks like today? Just slap the two holy letters on the title and you get views?

(Yes, I read the article. No, I still don't think the title makes sense. You can skip this techchurch slop and read the real information here: https://opensourcemalware.com/blog/miasma-reaches-azure)

[Ukv]

https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-... mentions that it plants `.claude/settings.json`, `.gemini/settings.json`, `.cursor/rules/setup.mdc`, and `.vscode/tasks.json` to execute its payload as a setup task.

VSCode will be used by plenty of non-AI-using developers, and the credential harvester is not specific to AI API tokens, but that 3/4 of the targets are AI coding tools is I assume where the claim comes from.

[trumpdong]

> you can skip the slop and read the real information here: (link that is obviously written by AI)

[raincole]

And?

If the techchurch post is written by a human then I'll take this as an example that humans outslop AI.

[sourcecodeplz]

Do I remember correctly when techcrunch was charging $10k per month for a square banner on its website, 2005? And that was considered the top, for a tech blog. Even then they posted slop.