There *is* a difference between installing from a carefully maintained repository such as CRAN, versus closing your eyes and trusting a remote URL via `install_github`.
AFAIK we have not been had yet in #Rstats but the attack vector is obviously there.
I am uncovering what seems to be a massive widespread malware attack on @github.
- Currently over 35k repositories are infected
- So far found in projects including: crypto, golang, python, js, bash, docker, k8s
- It is added to npm scripts, docker images and install docs
Aug 3, 2022 · 3:14 PM UTC

