As you all know, popular modrinth-compatible mod instance manager PolyMC has been hijacked by an individual who is close to being deemed a cybercriminal, who goes by the online name of "lenny", who has clear ties with another user under than name "Rongmario".
Evidence shows that Lenny is using the keyword "sneed" in his email address, which is also used with Curseforge project "CensoredASM", which has a codebase that primarily identifies itself as either LoliASM or as SneedASM. Connections are not 100% confirmed, but the evidence is highly compelling.
For user safety, we are going to be PERMANENTLY deleting this page and all records of it in our server to avoid giving instructions to use the compromised software: (Wyrms of Nyrus) Installation Guide in less than 10 minutes.
The security implications states that Rongmario or "Lenny" has full control over the repository, and can inject and release whatever code he wants to, which considering his behaviors, could turn PolyMC into a trojan-class virus.
We are unsure how to proceed after this, and I agree, this situation is beyond fucked up.
As you all know, popular modrinth-compatible mod instance manager PolyMC has been hijacked by an individual who is close to being deemed a cybercriminal, who goes by the online name of "lenny", who has clear ties with another user under than name "Rongmario".
Referring to this commit
Evidence shows that Lenny is using the keyword "sneed" in his email address, which is also used with Curseforge project "CensoredASM", which has a codebase that primarily identifies itself as either
LoliASM
or asSneedASM
. Connections are not 100% confirmed, but the evidence is highly compelling.For user safety, we are going to be PERMANENTLY deleting this page and all records of it in our server to avoid giving instructions to use the compromised software: (Wyrms of Nyrus) Installation Guide in less than 10 minutes.
The security implications states that Rongmario or "Lenny" has full control over the repository, and can inject and release whatever code he wants to, which considering his behaviors, could turn PolyMC into a trojan-class virus.
We are unsure how to proceed after this, and I agree, this situation is beyond fucked up.
Please help us out, thanks.