this post was submitted on 29 Feb 2024
195 points (98.0% liked)

Open Source

30221 readers
230 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 38 points 6 months ago

I don't see how "scammers creating scam repos" [2] is newsworthy at all. At least the headline seems like a big nothing-burger to me.

Farther down in the article are two interesting pieces of information, namely this diagram [1] and the fact that scammers seem to have moved from pip to GitHub, and then started to use forks to make their scam-clones appear more believable.

[1] https://apiiro.com/wp-content/uploads/2024/02/Malicious-Package-Timeline.png

[2] 1000 guys make 1000 clones of 1000 legit libraries, and then create 1000 forks of their clones, to make them seem more legit than the original lib. 999 of each 1000 clones get autofiltered by GitHub

--> 1000 * 1000 * 1000 * 1000 / 1000 = 1.000.000.000 infected repos (including forks) and 1.000.000 (without forks).

So the number of 100.000 infected repos doesn't seem to be interesting or unexpected in any way.