The author uncovers a huge web of fake accounts across GitHub and SourceForge which are used to push backdoored versions of legitimate software installers. A good reminder to be cautious when downloading “unofficial builds” and to always check checksums for official ones. - [HN] - blog