ALERT Roughly 400 AUR packages compromised

hecatae

resident hecatae
Joined
Feb 7, 2014
Messages
1,058
Reaction score
319

Changes contributor email, adds npm to the PKGBUILD dependencies and installs malicious packages that take various keys and passwords (Browser logins, SSH, etc)

This persists on the machine with a systemd service and eventually pretends to be a kernel thread.

Reminds me of the Red Hat npm backdoor from 10 days ago:
 

Members online

No members online now.

Forum statistics

Threads
26,733
Messages
174,695
Members
20,292
Latest member
Sunnysideup
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Back
Top