Feed aggregator
Garmin's Fenix 7S Pro Sapphire Solar Hits Incredible New Low Ahead of Black Friday
There's Still Time to Earn Interest on Your Savings, But Time's Ticking. Today's Rates, Nov. 19, 2024
I Switched From Melatonin Supplements to Sleep Patches for Two Weeks. These Are the Top Products That Get It Right.
Best Nonstick Pan for 2024
Free AI editor lures in victims, installs information stealer instead on Windows and Mac
A large social media campaign was launched to promote a free Artificial Intelligence (AI) video editor. If the “free” part of that campaign sounds too good to be true, then that’s because it was.
Instead of the video editor, users got information stealing malware. Lumma Stealer was installed on Windows machines and Atomic Stealer (AMOS) on Macs.
The campaign to promote the AI video editor was active on several social media platforms, like X, Facebook, and YouTube…
…and had been active for quite a while. as you can see from this tweet.
The criminals seem to have used a lot of accounts to promote their “product” as you can see from this search on X.
Some accounts were expressly created for this purpose, while others look like they may have been compromised accounts.
The campaign looks well organized, and looks so legitimate that it took quite a while before a researcher found out and tweeted about the threat.
When interested individuals follow the links, they’ll end up on a professional looking website—exactly what you would expect.
But if they click the “GET NOW” button, they’ll download the information stealer and infect their device. The file is called “Edit-ProAI-Setup-newest_release.exe” for Windows, and “EditProAi_v.4.36.dmg” for macOS.
Lumma is available through a Malware-as-a-Service (MaaS) model, where cybercriminals pay other cybercriminals for access to malicious software and its related infrastructure. Lumma steals information from cryptocurrency wallets and browser extensions, as well as two-factor authentication details. Lumma is often distributed via email campaigns, but nothing stops the cybercriminals from spreading it as a download for an AI editor, as they did here.
AMOS makes money for its operators by finding and stealing valuable information on the computers it infects, such as credit card details, authentication cookies, passwords and cryptocurrency. Besides stealing data from the web browsers themselves, AMOS can also steal data from browser extensions (plugins).
What if you installed one of these?Both stealers are after login credentials and financial information, so there are a few things you’ll need to do.
- Monitor your accounts. Banking and cryptocurrency information is a prime target for these information stealers, so check your accounts and monitor them closely.
- Change all your passwords starting with the important ones, and if you’re not using a password manager already, now might be a good time to get one. It can help you create and store strong passwords.
- Enable multi-factor-authentication (MFA) on all your important accounts.
- Log out of all your important accounts on infected devices. These information stealers are capable of taking over some accounts by stealing cookies, even if you have MFA enabled.
Malwarebytes for Windows and Malwarebytes for Mac can detect the information stealers, and they block the EditProAI websites.
Google May Be Asked to Sell Chrome Browser by DOJ
After 30 Years, We Finally Know Why Windows 95's Installer Juggled Three Operating Systems
Bringing Red Hat Enterprise Linux to Windows Subsystem for Linux
Article URL: https://www.redhat.com/en/blog/bringing-red-hat-enterprise-linux-windows-subsystem-linux
Comments URL: https://news.ycombinator.com/item?id=42183791
Points: 1
# Comments: 0
xAI has shifted all AI server orders from troubled Supermicro to Dell
Show HN: txtai 8.0 released: an agent framework for minimalists
Article URL: https://colab.research.google.com/github/neuml/txtai/blob/master/examples/67_Whats_new_in_txtai_8_0.ipynb
Comments URL: https://news.ycombinator.com/item?id=42183784
Points: 1
# Comments: 0
INSAIT updates BgGPT - LLM for the Bulgarian language (bggpt.ai)
Article URL: https://models.bggpt.ai/blog/2024-02-18-launching-the-first-free-and-open-bulgarian-llm/
Comments URL: https://news.ycombinator.com/item?id=42183771
Points: 1
# Comments: 0
Show HN: LlamaPReview – AI code reviewer trusted by 2000 repos, 40%+ effective
Hi HN! A month ago, I shared LlamaPReview [1] in SHOW HN. Since then, we've grown to 2000+ repos (60%+ public) with 16k+ combined stars. More importantly, we've made significant improvements in both efficiency and review quality.
Key improvements:
1. ReAct-based Review Pipeline We implemented a ReAct (Reasoning + Acting) pattern that mimics how senior developers review code. Here's a simplified version:
```python def react_based_review(pr_context) -> Review: # Step 1: Initial Assessment - Understand the changes initial_analysis = initial_assessment(pr_context) # Step 2: Deep Technical Analysis deep_analysis = deep_analysis(pr_context, initial_analysis) # Step 3: Final Synthesis return synthesize_review(pr_context, initial_analysis, deep_analysis) ``` 2. Two-stage format alignment pipeline
```python def review_pipeline(pr) -> Review: # Stage 1: Deep analysis with large LLM review = react_based_review(pr_context) # Stage 2: Format standardization with small LLM return format_standardize(review) ``` This two-stage approach (large LLM for analysis + small LLM for format standardization) ensures both high-quality insights and consistent output format.
3. Intelligent Skip Analysis We now automatically identify PRs that don't need deep review (docs, dependencies, formatting), reducing token consumption by 40%. Implementation:
```python def intelligent_skip_analysis(pr_changes) -> Tuple[bool, str]: skip_conditions = { 'docs_only': check_documentation_changes, 'dependency_updates': check_dependency_files, 'formatting': check_formatting_only, 'configuration': check_config_files } for condition_name, checker in skip_conditions.items(): if checker(pr_changes): return True, f"Optimizing review: {condition_name}" return False, "Proceeding with full review" ``` Key metrics since launch: - 2000+ repos using LlamaPReview - 60% public, 40% private repositories - 40% reduction in token consumption - 30% faster PR processing - 25% higher user satisfaction
Privacy & Security: Many asked about code privacy in the last thread. Here's how we handle it: - All PR review processing happens in-memory - No permanent storage of repository code - Immediate cleanup after PR review - No training on user code
What's next: We are actively working on GraphRAG-based repository understanding for better in-depth code review analysis and pattern detection.
Links: [1] Previous Show HN discussion: [https://news.ycombinator.com/item?id=41996859] [2] Technical deep-dive: [https://github.com/JetXu-LLM/LlamaPReview-site/discussions/3] [3] Link for Install (free): [https://github.com/marketplace/llamapreview]
Happy to discuss our approach to privacy, technical implementation, or future plans!
Comments URL: https://news.ycombinator.com/item?id=42183760
Points: 1
# Comments: 0
The Guide to Building an Efficient LLM in 2024 (Continuously Updated)
Which Power Plant Does My Electricity Come From?
Article URL: https://practical.engineering/blog/2024/11/14/which-power-plant-does-my-electricity-come-from
Comments URL: https://news.ycombinator.com/item?id=42183747
Points: 1
# Comments: 0
Agent Toolkit Pay as you go. Any tool, any currency
Article URL: https://agenttk.kevz.dev/
Comments URL: https://news.ycombinator.com/item?id=42183735
Points: 1
# Comments: 0
How to Dry Off Falling into a Frozen River Avoid Hypothermia [video]
Article URL: https://www.youtube.com/watch?v=egITnYcUA-I
Comments URL: https://news.ycombinator.com/item?id=42183726
Points: 1
# Comments: 0
Hoto's Black Friday Sale Offers Helpful Tools at Up to 45% Off
Golden age of building – YC's request for startups (RFS)
Article URL: https://www.ycombinator.com/rfs-build
Comments URL: https://news.ycombinator.com/item?id=42183709
Points: 1
# Comments: 0
The missing text focused programming environment
Article URL: https://utcc.utoronto.ca/~cks/space/blog/programming/MissingTextProgrammingEnvironment
Comments URL: https://news.ycombinator.com/item?id=42183705
Points: 1
# Comments: 0
Secret Santa Generator without signup or back end
Article URL: https://mael.dev/secretsanta/
Comments URL: https://news.ycombinator.com/item?id=42183679
Points: 2
# Comments: 0