> Why do they only clone new repositories, rather than popular ones?
> Why do they delete a commit and push a new one every few hours?
Because this is not targeted to humans. It's targeted to agents. They just need to appear on a fraction of the searches agents do to add dependencies and get lucky a couple times to start a new infection cluster.
Then to the more interesting question: why now?
1. Agents, agents everywhere.
2. MAJOR elections happening this year in the world, including US midterms and Brazilian mains. This appears to be an account-stealer worm - and my guess is it's looking to all those sweet sweet Facebook/Instagram/TikTok/WhatsApp accounts ready to bot their way into oblivion.
Political manipulation is a problem, but I don't think it's nearly as profitable as pushing scams and gambling.
While 2 is possible, we've had automated ransomware going for some time now. The agents in 1 are sufficient.
That doesn't seem likely, given that there's a reference from February 2025 documenting the pattern.
2 is full-on speculation. It can be any kind of purpose.