Malware-infected open source on the rise

I’m seeing more of these types of attacks in the news:

"Security researchers have uncovered over 200 malicious GitHub repositories designed to distribute information stealers and remote access trojans (RATs) by masquerading as legitimate projects.

These repositories, active for nearly two years, exploit developers’ trust in open-source platforms to infiltrate systems and exfiltrate sensitive data, including cryptocurrency wallets and browser credentials.

The GitVenom campaign leverages AI-generated documentation to create convincing README.md files, complete with multilingual installation guides and feature descriptions.

Attackers artificially inflate repository credibility through automated timestamp updates, simulating frequent commits."


I was hoping the computer guys would get into this topic. I use some open source, but like most everything in computers, I don’t know how it works or what is behind it.

Interesting how something like this hasn’t started before. People just can’t be nice even in the open source community.

But again, developers shouldn’t blindly accept code pushes without a proper review - because out there, there’s always someone who doesn’t want to play nice.

It happened before, it always did. It’s just the media hopping on the train again.