ALERT Roughly 400 AUR packages compromised

hecatae

resident hecatae
Joined
Feb 7, 2014
Messages
1,058
Reaction score
319

Changes contributor email, adds npm to the PKGBUILD dependencies and installs malicious packages that take various keys and passwords (Browser logins, SSH, etc)

This persists on the machine with a systemd service and eventually pretends to be a kernel thread.

Reminds me of the Red Hat npm backdoor from 10 days ago:
 

Members online

No members online now.

Latest Posts

Forum statistics

Threads
26,731
Messages
174,675
Members
20,290
Latest member
Zuhlbrittany
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Back
Top