
Comment by guhcampos

1 day ago

> Why do they only clone new repositories, rather than popular ones?

> Why do they delete a commit and push a new one every few hours?

Because this is not targeted at humans. It's targeted at agents. They just need to appear in a fraction of the searches agents do to add dependencies and get lucky a couple of times to start a new infection cluster.

Then to the more interesting question: why now?

1. Agents, agents everywhere.

2. MAJOR elections happening this year in the world, including US midterms and Brazilian mains. This appears to be an account-stealer worm - and my guess is it's looking at all those sweet sweet Facebook/Instagram/TikTok/WhatsApp accounts ready to bot their way into oblivion.

2 is full-on speculation. It could be any kind of purpose.

  • I like how quickly this got dismissed as speculation as though we don't live in an age where election tampering and manipulation of public opinion for political reasons are so commonplace that incidents of it just blend in with the other forgettable global headlines.

    • Because it is speculation, with no special evidence. Could it be for just money? You can sell access to exploited systems in interesting companies for quite a bit of money. Or maybe it was for general use to twist public opinion in the future, not tied to those specific elections. Or just plain spying. We can't be sure, and the net was cast quite narrowly.

      One could research where those repos are coming from, and do forensics on who controls the trojan network. But that wasn't done, so right now, it's all speculation. Something can be very worrying without us knowing exactly what the use cases for it will be.


    • Why would they steal credentials when governments already have fake accounts for this exact purpose (see the UK's JTRIG from the Snowden documents)?

      … you also have to remember that the JTRIG leaked docs were from about a decade before LLMs, so you could imagine tooling these days is 100x what they used to have.

  • Yes, a lot of compromised accounts are just put onto a marketplace of sorts, either selling the account itself directly or offered as services to promote a product / political talking point / propaganda / engagement.

  • Or it could just be that someone vibe coded the worm, and vibe coding is relatively young.

Political manipulation is a problem, but I don't think it's nearly as profitable as pushing scams and gambling.

  • Just get residential botnets to watch your YouTube channel and click all the ads; you don't need many bots. There are many ways to monetize things.

    Governments just run SIM farms etc. They don't need to use this kind of approach for political influence. Not to say that some don't, but generally they will not be stealing accounts. (Most bots involved in campaigns to get Trump in his seat were not stolen accounts.)

  • I suspect that politicians right before elections may pay more than standard gambling. They gamble with much higher stakes.

    • Hah, outsourcing political "influencing" to tiny "consulting" companies that promise great things but are a rickety AI slop shop in the backend.

      I suppose the only difference to the Big 4 is the price tag.

      I guess politicians could claim to be hiring a voter research company and profess to be oblivious to the "voter hacking" schemes (hacking the voters' minds to lean whichever way the politician wants them to lean).

  • It doesn’t need to be profitable if it’s cheap - political manipulation by unsavory parties is worth a cheap botnet if it means they can keep power and keep grifting.

    I will agree with a sibling up there that the political part is pure speculation, and I’d guess anyone running a moderately sized botnet is open to use for any nefarious purposes if the price is right.

  • It's more profitable because it allows you to select political perspectives that allow you, the scammer and/or gambler, to scam or gamble harder.

  • You'd be surprised at how there are individuals and organizations willing to pay a lot of money to do political manipulation / influencing.

While 2 is possible, we've had automated ransomware going for some time now. The agents in 1 are sufficient.

That doesn't seem likely, given that there's a reference from February 2025 documenting the pattern.