Please be careful when revoking tokens. It looks like the payload installs a dead-man's switch at ~/.local/bin/gh-token-monitor.sh as a systemd user service (Linux) / LaunchAgent com.user.gh-token-monitor (macOS). It polls api.github.com/user with the stolen token every 60s, and if the token is revoked (HTTP 40x), it runs rm -rf ~/.
https://github.com/TanStack/router/issues/7383#issuecomment-...
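A read-only check for the artifacts named in the comment above, to run before revoking a token. This is an added example, not part of the thread or of any project's tooling. The function name find_token_monitor is hypothetical, and the two persistence directories are the standard per-user locations, assumed here because the comment does not give the unit or plist file names.

```shell
#!/bin/sh
# Added example: look for the dead-man's-switch artifacts described in the
# comment above. Read-only: it lists files, it does not stop or delete anything.

# find_token_monitor [HOME_DIR]
# Prints one line per suspicious artifact; returns 0 if any found, 1 if none.
find_token_monitor() {
    home=${1:-$HOME}
    found=1

    # Script path as given in the comment.
    script="$home/.local/bin/gh-token-monitor.sh"
    if [ -e "$script" ]; then
        echo "script: $script"
        found=0
    fi

    # Assumption: systemd user units and LaunchAgents sit in the standard
    # per-user directories. The unit/plist file names are not given on the
    # page, so match "gh-token-monitor" in file names or file contents.
    for dir in "$home/.config/systemd/user" "$home/Library/LaunchAgents"; do
        [ -d "$dir" ] || continue
        hits=$( { grep -rl -- 'gh-token-monitor' "$dir" 2>/dev/null || true
                  find "$dir" -name '*gh-token-monitor*' 2>/dev/null || true
                } | sort -u )
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/persistence: /'
            found=0
        fi
    done
    return "$found"
}

# Stand-alone use: scan the current user's home directory.
find_token_monitor "$HOME" || echo "no gh-token-monitor artifacts found"
```

Any line of output means the monitor described above may be installed on that account, so the token should not be revoked until that has been dealt with.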
I don't understand why people were voting this comment down on the issue page.
I'm not quite sure of what this really accomplishes, like is it just M.A.D.? Like at that point the creds have been stolen and the whole machine is toast.
> as a systemd user service
Hah! I know why I don't use systemd.
If so, then this is actual terrorism of the software world!!
Incredible. Mutually assured destruction.
The next five years are going to be truly WILD in the software world.
Air-gapped systems are gonna be huge.
One should always have had backups configured, but if this is what gets people to set up backups, so much the better.
Realistically if you have installed malware, you need to do a full wipe of your computer anyway.