Jump to content
mhbell

Arch AUR Repo Malware Attack "Hacked"?

Recommended Posts

got this in my email.

 

Arch Linux PDF reader package poisoned

 

The Register

Arch Linux has pulled a user-provided AUR (Arch User Repository) package, because it contained malware. If you're an Arch Linux user who ...

Malware Attack On Arch Linux AUR Repository; Three Packages Infected So Far - Fossbytes

Amateur bid to add code to Arch Linux packages found and squashed - iTWire

Full Coverage

  • Like 1

Share this post


Link to post
Share on other sites

It's all complete lies. There was not any malware at all, technically it wasn't even malicious. He simply added a systemd timer and script (called xeactor) to gather basic system info. https://ptpb.pw/~x. I wouldn't really call it malware but its a perfect example of why you should read the PKGBUILDS if you install user submitted packages. If someone is stupid enough to blindly install an unofficial app, then they deserve to be infected. Too bad that it wasn't actually malicious.

 

It was an orphaned pkg (acroread - who even uses it?) and some pleb adopted it, added a timer and script to gather basic system info, which didn't even work.. and then left you a 'compromised.txt' in your home to brag... User was known to devs, known moron who wanted help installing kali.

  • Like 2

Share this post


Link to post
Share on other sites

I figured if anyone would know, it would be you Security. LoL! There is about 5 different Newsletters carrying the story, and they all say the same.

  • Like 1

Share this post


Link to post
Share on other sites

I figured if anyone would know, it would be you Security. LoL! There is about 5 different Newsletters carrying the story, and they all say the same.

 

Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Share this post


Link to post
Share on other sites
Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Maybe the "hacker's" name was Mal? :shifty:

  • Like 2

Share this post


Link to post
Share on other sites
Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Maybe the "hacker's" name was Mal? :shifty:

 

Haha :hysterical:

Share this post


Link to post
Share on other sites
Honestly, I'm already tired of hearing about it. All these sites using buzzwords to get hits. There was not a single reason to call it malware.

Maybe the "hacker's" name was Mal? :shifty:

Last Name "Ware" :whistling:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...