
Malware found buried in NetBeans releases since August 2018 - ternaryoperator
https://www.zdnet.com/article/github-warns-java-developers-of-new-malware-poisoning-netbeans-projects/
======
greenyoda
> _GitHub did not publish the name of the 26 poisoned projects, but has
> published details about Octopus Scanner 's infection process, so NetBeans
> users and Java developers can look for signs if their projects have been
> altered._

Why aren't they publishing the list of affected projects? Even if these
projects all got cleaned up, aren't people who previously cloned the projects
still potentially infected?

