Skip to main content
Topic: AUR packages compromised (Read 292 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

AUR packages compromised

For those not reading [aur-general], three AUR packages were found compromised: acroread, balz and minergate. Details of the malicious actions reveal a build-time fetch and execution of 2 scripts (which affects all users) and the installation of a systemd service and timer (which doesn't affect Artix, obviously). The purpose thereof was to gather system information and post it to a pastebin.
Upon closer inspection, the installed script contains a typo which should prevent it from functioning as intended, but let this be a reminder for everyone not to blindly trust user-uploaded content. The good news is this was quickly discovered, reported and fixed.


Re: AUR packages compromised

Reply #1
I read this elsewhere, pleasing to see that this was picked up and dealt with in a timely manner.

Re: AUR packages compromised

Reply #2
FWIW - I read it on the arch subeddit on reddit