malicious download links being inserted into wiki home page

[dalehagglund]

It doesn't look like anyone's looking at these issues, but ...

The wiki home page (https://github.com/bmatzelle/gow/wiki) is world-editable, or at least it seems editable to any random person logged into github, and some unfriendly random person is changing the main "Download Installer" link to point to a malware installer.

I got hit by it a couple hours ago, and just finished getting off my laptop. I didn't get a specific name, but it was sort of spyware / keylogger, at least from what Norton told me.

From looking briefly at the history, several user names have been involved since at least October 16, 2021. It looks to me like most of the changes are given the description "Updated Home (markdown)" although that was also used before the first malicious edit I noticed.

[bmatzelle]

Thanks! I closed the wiki's from being world-editable.