This is apparently what happened to event-stream, a widely used tool

Hi all, this is just a heads up about a new social-engineering vector for malware using open source projects, more details in the following article [1] As the article mention: that was compromised by a crypto-currency stealing attacker who gained commit access, >poisoned an update, and then locked the project's owner out.

I don't know what to say. #116 [Dominic Tarr/Github] [2]

[1] https://boingboing.net/2018/11/26/candy-from-strangers.html [2] https://github.com/dominictarr/event-stream/issues/116 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org