Comment by latentframe
10 hours ago
This looks to be more than just a security bug and rather an incentive problem because you can buy trust with plugin installs numbers and reputation but there’s no mechanism to reprice that trust after the ownership gets changed so the attackers just buy the distribution and monetize it later and that makes this kind of attack economically rational, so it gets reproduced often
No comments yet
Contribute on Hacker News ↗