This attack reminds me of the Copay backdoor in an NPM sub-sub-sub-dependency. But this is next level. The partially lived in the code, added by "just some tests" commits - that didn't contain executable code.
They were then activated by something the rogue maintainer snuck into the release binaries. nostr:note159ur4n6p7nm88h6xes29klhtftg0wfkeljy3lf3nnzu2r9qaerhs3xugec
Oof.
nostr:nevent1qqs868kppx7dsxkp4rt7ssgn9f85ugh5wzdy6qt5atklfzgp8wnk6dqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzpp59a0hkv5ecm45nrckvmu7pnk0sukssvly33u3wwzquy4v037hcqvzqqqqqqy3mvrgy
Please Login to reply.
some disturbing implications in this.
Explain like I'm tripple vaxxed and masking outside alone please
