| ▲ | raincole 4 hours ago | |||||||
> steal passwords of AI developers What does this even mean? The malware specifically steals passwords from developers who use AI? From those who develop AI tool? Or it steals API tokens, which serve a similar function as passwords do for humans? Is this what journalism looks like today? Just slap the two holy letters on the title and you get views? (Yes, I read the article. No, I still don't think the title makes sense. You can skip this techchurch slop and read the real information here: https://opensourcemalware.com/blog/miasma-reaches-azure) | ||||||||
| ▲ | Ukv 4 hours ago | parent | next [-] | |||||||
https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-... mentions that it plants `.claude/settings.json`, `.gemini/settings.json`, `.cursor/rules/setup.mdc`, and `.vscode/tasks.json` to execute its payload as a setup task. VSCode will be used by plenty of non-AI-using developers, and the credential harvester is not specific to AI API tokens, but that 3/4 of the targets are AI coding tools is I assume where the claim comes from. | ||||||||
| ▲ | trumpdong 3 hours ago | parent | prev | next [-] | |||||||
> you can skip the slop and read the real information here: (link that is obviously written by AI) | ||||||||
| ||||||||
| ▲ | sourcecodeplz 4 hours ago | parent | prev [-] | |||||||
Do I remember correctly when techcrunch was charging $10k per month for a square banner on its website, 2005? And that was considered the top, for a tech blog. Even then they posted slop. | ||||||||