SoylentNews

An Anonymous Coward writes:

Linuxiac reports [linuxiac.com] that another malicious package has been uploaded to the Arch User Repository (AUR). This time around the package was google-chrome-stable, which installed a remote-access trojan along with Google Chrome.

        The good news—if you can call it that—is that the google-chrome-stable package was available on the AUR only for a few hours before the malware hidden inside was discovered. Still, it did get a few upvotes, which suggests at least some users ended up installing it.

The Arch Linux project had to warn users about a similar attack less than a month ago [lwn.net] when a user uploaded three browser packages that also installed a malicious script identified as a remote-access trojan.

::: https://lwn.net/Articles/1032193/ [lwn.net]

Original Submission