
On the 16th of July, at around 8pm UTC+2, a malicious AUR package was uploaded to the AUR. Two other malicious packages were uploaded by the same user a few hours later. These packages were installing a script coming from the same GitHub repository that was identified as a Remote Access Trojan (RAT).
The Arch Linux team addressed the issue as soon as they became aware of the situation. As of today, 18th of July, at around 6pm UTC+2, the offending packages have been deleted from the AUR.
Seems like we have yet to really have the 9/11 moment, and the ease with which established practices can be catastrophically exploited has not been fully internalized. Or even internalized at all.
terrifying thought!