Over 900 Arch Linux Packages Infected with infostealers and rootkits(lists.archlinux.org)
lists.archlinux.org
Over 900 Arch Linux Packages Infected with infostealers and rootkits
https://lists.archlinux.org/archives/list/[email protected]/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/#5FDTMKA54RMWNRHJFUAKXEBAFV5WPDUL
3 comments
Very misleading title. AUR "recipes" are NOT official Arch Linux packages. Basically anyone can upload stuff to the AUR. Users are expected to read and understand the AUR PKGBUILDs before trying to build them.
"Over 900 packages infected in a repository anyone can upload to, it just has to be compatible with Arch"
https://news.ycombinator.com/item?id=48500447
“AUR packages compromised with Infostealer and Rootkit” (ifin.network)
257 points | 15 hours ago | 189 comments
“AUR packages compromised with Infostealer and Rootkit” (ifin.network)
257 points | 15 hours ago | 189 comments