We spotted that issue on Review Hotmouse too. Working on taking care of those fake reviews and sock-puppet accounts en masse. It will be resolved today, I’m sure.
No, none of those were mistakes prompted by your post. They are all from the same source. Your warning post is fine as-is.
Probably this is intended to disguise natural comments on the add-on page. Add-ons are used by users from various countries so it’s typical for comments to be in various languages like this. Relatively few add-on users actually read comments properly (some users ignore even the basic descriptions of add-ons!) so I think the average Anki user is likely to misidentify these as real comments.
But it seems to me they are not very advanced malicious developers as you say. This attacker first posted a large number of copied add-ons to AnkiWeb. (this likely aims to take over AnkiWeb) These add-on page descriptions are auto generated by scripts or AI and are low quality, so users can easily identify them as fake.
The next day they posted this fake comment add-on and made the original add-on less noticeable by giving it many low ratings; this is relatively advanced and not immediately obvious. They posted malware and uploaded the improved malware after those were removed. Obviously the official Anki and developers and users are on high alert so it’s not reasonable to upload immediately at a time like this. (it is clear that such attacks will not succeed)
If they planned this meticulously from the start they would have uploaded advanced malware from the beginning, but they did not, so it seems to me that the attacks on the server are either impulsive rather than planned or malicious pranks (or maybe they’re randomly attacking various servers using AI; in the case of neglected servers such attacks or takeovers may succeed).
If this attacker or another copycat attacker attempts another attack they may try to fake the comment dates in some way, so I think we should be careful of dummy add-ons and fake comments. As far as I know so far there are no existing normal add-ons with such suspicious add-ons or code or comments. (but it is highly disguised and may still be undiscovered so caution is required.)
However, we should consider, if it’s not already the case, having to fill in a captcha for each add-on publication. I know it’s very bypassable, but it’s better than nothing. And it has some psychological effect too.
Also, maybe we should implement a sort of basic test on the title/description of an add-on, and make it impossible to upload a too similar-titled add-on.
Finally, maybe we should perform some other kind of test, or implement a feature, so that the user is warned when downloading an add-on that makes requests over the Internet. This could be done with a permission system, similar to the ones in our web browsers or smartphones.
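One way the "too similar title" check proposed above could look, as an added example that is not code from the poster or from AnkiWeb: titles are normalized (Unicode compatibility forms, case, punctuation, whitespace) and then compared both character-wise and as word sets, so a copy that swaps a hyphen, uses fullwidth letters or reorders the words still scores as a lookalike. The existing title list and the 0.85 threshold are constructed/assumed values.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed sample of titles already on the add-on site (illustrative, not real data).
EXISTING_TITLES = ["Image Occlusion Enhanced", "Review Heatmap", "Advanced Browser"]


def normalize_title(title: str) -> str:
    """Collapse trivial variations: Unicode compatibility forms (e.g. fullwidth
    letters), case, punctuation and extra whitespace fold to one canonical string."""
    text = unicodedata.normalize("NFKC", title).casefold()
    text = re.sub(r"[^0-9a-z]+", " ", text)
    return " ".join(text.split())


def similarity(a: str, b: str) -> float:
    """Score in [0, 1]; 1.0 means the titles are effectively the same.
    The character-level ratio catches small edits; the token-set overlap catches
    reordered words ("Heatmap Review" vs "Review Heatmap")."""
    na, nb = normalize_title(a), normalize_title(b)
    char_ratio = SequenceMatcher(None, na, nb).ratio()
    ta, tb = set(na.split()), set(nb.split())
    token_jaccard = len(ta & tb) / len(ta | tb) if ta | tb else 0.0
    return max(char_ratio, token_jaccard)


def find_lookalikes(candidate: str, existing, threshold: float = 0.85):
    """Return [(existing_title, score), ...] for titles scoring at or above
    threshold, highest score first. The threshold is an assumed tuning value."""
    scored = [(t, similarity(candidate, t)) for t in existing]
    return sorted([(t, s) for t, s in scored if s >= threshold], key=lambda x: -x[1])


def upload_allowed(candidate: str, existing, threshold: float = 0.85) -> bool:
    """Gate for the upload form: reject when a lookalike title already exists."""
    return not find_lookalikes(candidate, existing, threshold)


if __name__ == "__main__":
    for title in ["Review Heat-map", "Ｒeview Heatmap", "Heatmap Review", "Night Mode"]:
        print(f"{title!r}: allowed={upload_allowed(title, EXISTING_TITLES)}",
              find_lookalikes(title, EXISTING_TITLES))
```

In practice the same normalization should be applied to the stored titles once at ingest time, and a rejected upload should still be visible to moderators rather than silently dropped.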
My apologies for allowing those bad reviews to sit around that long. It’s been a really busy time, and I needed to build out some new tools to take care of the 500 accounts at once.
AnkiWeb was updated this morning to restrict new accounts from rating or uploading, which will inconvenience new users, but make it considerably harder for repeated campaigns like this.