Title | Malware Found in Arch Linux AUR Package Repository | |
Date | Thursday July 12 2018, @09:40AM | |
Author | mrpg | |
Topic | ||
from the allows-anyone-to-take-over dept. |
Submitted via IRC for Fnord666
[...] Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages.
[...] The incident happened because AUR allows anyone to take over "orphaned" repositories that have been abandoned by their original authors.
[...] According to a Git commit to the package's source code, xeactor added malicious code that would download a file named "~x" from ptpb.pw, a lightweight site mimicking Pastebin that allows users to share small pieces of texts.
[...] Besides downloading ~u, the main purpose of the first file (~x) was also to modify systemd and add a timer to run the ~u file at every 360 seconds.
[...] No other malicious actions were observed, meaning the acroread package wasn't harming users' systems, but merely collecting data in preparation for... something else.
Source: Malware Found in Arch Linux AUR Package Repository
Links |
printed from SoylentNews, Malware Found in Arch Linux AUR Package Repository on 2024-04-25 06:56:49