Skip to main content

Beware, there is an ongoing spambot attack in #GitHub issues in several projects were random people suggest "the fix" is to download a random file from mediafire.com. Like this:
screenshot from a curl issue where users suggest suspicious downloads to "fix the issue"
#github
This entry was edited (2 months ago)

Hubert Figuière reshared this.

in reply to daniel:// stenberg://

Björn Fahller
Björn Fahller
ah, I got one of those. It seemed to be of low enough priority to safely ignore for the moment, but I now know to ignore it forever. Thanks.
in reply to daniel:// stenberg://

Paul Barker
Paul Barker
I saw one of those yesterday within a minute of someone opening an issue on one of my repos.
in reply to daniel:// stenberg://

Norm Tovey-Walsh
Norm Tovey-Walsh
I got one of those this morning, but GitHub seems to have yanked it away between the time that I got the email notification and when I "WTAF?" navigated my way to the issue page.
in reply to daniel:// stenberg://

Deltablot
Deltablot

Got it too on my repo. Downloaded it for science. It contains an exe with some dll.

The "FastRsync.dll" lib makes me think this tool will suck crypto and secrets out of your computer, fast.

in reply to daniel:// stenberg://

Jack
Jack
just encountered that last guy lol. Reporting them does seem to get them banned pretty quick. I reported two and they were both banned within about 10 minutes.
in reply to daniel:// stenberg://

Roxedus
Roxedus
this has been happening all week. I've had to limit interactions on a org with 300 repos, because the bots keep triggering each other with activity
in reply to daniel:// stenberg://

𝘾-rich
𝘾-rich

@GossiTheDog

a chorus of voices slightly offset from each other but numerous

"to fix your trouble..."

@Kevin Beaumont
in reply to daniel:// stenberg://

grin
grin
I tried to install the fix but I seem to be required to install Wine for it. Is there some project helping me install windows malware faster on linux? 😆
in reply to daniel:// stenberg://

Melroy van den Berg
Melroy van den Berg
I also got those comments, with random comments saying to download a binary from Dropbox..!
in reply to daniel:// stenberg://

gudenau
gudenau
This seems like a trivial pattern for Microsoft to nuke, but that's not a great sign.
in reply to daniel:// stenberg://

Luna Lactea
Luna Lactea
mediafire.com my behated💔
Nothing good has ever come out of that website
in reply to daniel:// stenberg://

lsxæøå
lsxæøå
seen this across repos and orgs the last week as well. Just
Report, use moderation (sad) or?
in reply to daniel:// stenberg://

Shafik Yaghmour
Shafik Yaghmour

I saw these start to pop-up in llvm issues yesterday.

It is troubling to see it is more widespread.

in reply to daniel:// stenberg://

Shadow06
Shadow06

lol this is hilarious.

More people need to explore other platforms for hosting their code. Something a little more self-sovereign.

in reply to daniel:// stenberg://

sudokill
sudokill
you can use codeberg instead of github.
There is a low probability to find spammer and hacker 👍
in reply to daniel:// stenberg://

Emily
Emily
I saw one of these with a link to Dropbox. Dropbox took the link down before I even saw the comment and the comment was removed very shortly after