Ledger have already proved their clownmanship, but this is preposterous. Don't they checksum the libraries? Can just anyone push bogus stuff on GitHub or wherever it is that the code is kept? I think there's something I'm missing.
I understand GitHub is a cesspool for hackers to create fake repositories containing malicious code to infect victims' computers to steal credentials, crypto wallet data, and hijack funds during transactions. They use social engineering to make these projects appear legitimate and trustworthy, luring users into downloading malware.
Hackers are known to create counterfeit projects on GitHub that appear to offer legitimate tools, such as cryptocurrency trading bots or software for managing Bitcoin wallets. These repositories are designed to trick users into downloading malicious software by employing deceptive tactics.
Not good! I'm glad I don't need to worry about any of that!