Artix Linux Forum

AUR packages compromised

13 July 2018, 13:57:08

For those not reading [aur-general], three AUR packages were found compromised: acroread, balz and minergate. Details of the malicious actions reveal a build-time fetch and execution of 2 scripts (which affects all users) and the installation of a systemd service and timer (which doesn't affect Artix, obviously). The purpose thereof was to gather system information and post it to a pastebin.
Upon closer inspection, the installed script contains a typo which should prevent it from functioning as intended, but let this be a reminder for everyone not to blindly trust user-uploaded content. The good news is this was quickly discovered, reported and fixed.

Re: AUR packages compromised

Reply #1 – 13 July 2018, 14:58:51

I read this elsewhere, pleasing to see that this was picked up and dealt with in a timely manner.

Re: AUR packages compromised

Reply #2 – 14 July 2018, 01:44:11

FWIW - I read it on the arch subeddit on reddit

Re: AUR packages compromised

Reply #3 – 14 July 2018, 13:33:27

FWIW  I read it in void forums first