Comment by quantummagic

3 hours ago

With all due respect, this reads to me as a couple of confusing non sequiturs. I took a quick look at the link you included, and it didn't help me understand what you're talking about either. Probably I'm just horrendously ignorant, but I would love to understand what you're referring to, and the point you're making about it.

Because we may be missing comments that GitHub has deleted without leaving tombstones (which sucks), it is not entirely clear whether the person creating and responding to the issue I linked is the person trying to have others run that trojan file, or whether they have fallen victim to it .. and merely quoted the link from a now-vanished comment.

In any case, this is the file they referenced, which is still all over GitHub under various "fix.exe" file names in likely LLM-generated issues and issue comments: https://www.virustotal.com/gui/file/d85d164e46fabb085609f258...

  • It's your comment which is deficient. I happen to know what you're referring to, but this and your GP comment are written as reminders for people who already know what you're talking about, rather than being explanatory for people who don't.

    A better approach might have been It seems the usual suspects are still abusing Github pull requests to distribute malware [...]

The "issue" raised says "hey I found a bug, no ships are rendered, run this .exe file to fix it!" and someone did just that.

You don't run just random binaries off the Internet on your computers, do you?

Nooooo, of course you don't.

  • > You don't run just random binaries off the Internet on your computers, do you?

    Humans might exercise some context-aware caution... AI agents, however?