mhbell Posted July 11, 2018 Share Posted July 11, 2018 got this in my email. Arch Linux PDF reader package poisoned The Register Arch Linux has pulled a user-provided AUR (Arch User Repository) package, because it contained malware. If you're an Arch Linux user who ... Malware Attack On Arch Linux AUR Repository; Three Packages Infected So Far - Fossbytes Amateur bid to add code to Arch Linux packages found and squashed - iTWire Full Coverage 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 11, 2018 Share Posted July 11, 2018 It's all complete lies. There was not any malware at all, technically it wasn't even malicious. He simply added a systemd timer and script (called xeactor) to gather basic system info. https://ptpb.pw/~x. I wouldn't really call it malware but its a perfect example of why you should read the PKGBUILDS if you install user submitted packages. If someone is stupid enough to blindly install an unofficial app, then they deserve to be infected. Too bad that it wasn't actually malicious. It was an orphaned pkg (acroread - who even uses it?) and some pleb adopted it, added a timer and script to gather basic system info, which didn't even work.. and then left you a 'compromised.txt' in your home to brag... User was known to devs, known moron who wanted help installing kali. 2 Quote Link to comment Share on other sites More sharing options...
mhbell Posted July 11, 2018 Author Share Posted July 11, 2018 I figured if anyone would know, it would be you Security. LoL! There is about 5 different Newsletters carrying the story, and they all say the same. 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 11, 2018 Share Posted July 11, 2018 I figured if anyone would know, it would be you Security. LoL! There is about 5 different Newsletters carrying the story, and they all say the same. Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware. Quote Link to comment Share on other sites More sharing options...
sunrat Posted July 12, 2018 Share Posted July 12, 2018 Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware. Maybe the "hacker's" name was Mal? 2 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted July 12, 2018 Share Posted July 12, 2018 Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware. Maybe the "hacker's" name was Mal? Haha Quote Link to comment Share on other sites More sharing options...
mhbell Posted July 12, 2018 Author Share Posted July 12, 2018 Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware. Maybe the "hacker's" name was Mal? Last Name "Ware" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.