Rebanesomebody took my repo, reuploaded it with an ai-slopped README, and then added a zip file with lua malware in it??
seems like the strat is to constantly force-push new commits so that the repo shows up as recent in search results and stuff
Emily_S@rebane2001 Ooh, that's still going? Had that happen to me about a month ago.
Reported the repo but it seems to have been an on going thing.
sablefeline@rebane2001 sorry to hear, i think you should kil that person,,,,
OmnivoreGitHub
Contribution activity
March 2026
Created 81 commits in 1 repository
sikosiko27/x86CSS
81 commits
Luke Harby@rebane2001 That's horrendous
zivi@rebane2001 sloperators will literally do anything
♾️ Water@rebane2001 Maybe send it to Eric Parker. He regularly analyzes such Malware on his Youtube channel. It could be interesting to see what it does.
https://www.youtube.com/@EricParker
https://www.youtube.com/@EricParker
Eric Parker
Obscure technology, malware investigations, open source software. I provide content with the goal of improving awareness of technology, and cybersecurity. Subscribe, and keep the bad guys out of your system. For personal inquiries: [email protected] For business / sponsor inquiries: [email protected] (C) Eric Parker 2025 Please do not reupload / "archive" my videos without permission. Reaction & transformative use is absolutely permitted. If you would like to license a video for commerical use, please email me.
Two images:
First Image.
A GitHub repository for x86CSS, a tool designed to emulate an older computer's central processor using only CSS code, without requiring JavaScript.
Second image.
scan report for a file named CSS_x_1.7-alpha.4.zip, which has been flagged as malicious by multiple security vendors.
Amethyst Nightshade@rebane2001 sadly github under microslops ownership, seems to have no interest in stoping all the slop or bots. I've seen many a thing on github, especially since openclaw is now a thing. I have seen people spaming potentially malicious links to “verifiy” your foss project on a ai slop farm. children, mentally at least, throw a tantrum over their “CVE” not getting attention when their so called exploit does requires itself to exploit (needs client side access to grab client side info). and now this, really have no hope for github anymore, knew it was not gonna be good after the microsoft acquisition wayback but this is much worse. sadly gitlab is kinda going ai as well, but you can selfhost at least. I ended up going the route of migrating off github entirely and my accounts are now private with no repos.
João Carlos@rebane2001 Oh, I seen that before! I've have reported the repo, and since then, I don't think I can find it anymore. But it was the same case as yours. Someone copied the repo, made some new commits, and had a release with a clearly obfuscated lua malware