#开源项目
又一种很“新颖”的往开源项目里下毒的手法:有人对Python 包 ultralytics 发了 PR,其中包含如图分支名,当 GitHub 执行 CI 任务时,执行脚本获得仓库密钥,进而在发布包中植入加密货币挖矿程序
https://lwn.net/Articles/1001215/
BY codedump的电报频道
A leaked Telegram discussion by 50 so-called crypto influencers has exposed the extraordinary steps they take in order to profit on the back off unsuspecting defi investors. According to a leaked screenshot of the chat, an elaborate plan to defraud defi investors using the worthless “$Few” tokens had been hatched. $Few tokens would be airdropped to some of the influencers who in turn promoted these to unsuspecting followers on Twitter.
Importantly, that investor viewpoint is not new. It cycles in when conditions are right (and vice versa). It also brings the ineffective warnings of an overpriced market with it.Looking toward a good 2022 stock market, there is no apparent reason to expect these issues to change.
codedump的电报频道 from jp