ALERT Roughly 400 AUR packages compromised

hecatae

hecatae

resident hecatae
Joined
Feb 7, 2014
Messages
1,036
Reaction score
310

Aur-general - lists.archlinux.org

lists.archlinux.org lists.archlinux.org

AUR REPORT THREAD - Aur-general - lists.archlinux.org

lists.archlinux.org lists.archlinux.org

Changes contributor email, adds npm to the PKGBUILD dependencies and installs malicious packages that take various keys and passwords (Browser logins, SSH, etc)

This persists on the machine with a systemd service and eventually pretends to be a kernel thread.

Reminds me of the Red Hat npm backdoor from 10 days ago:
arstechnica.com

Dozens of Red Hat packages backdoored through its official NPM channel

Anyone who has downloaded affected Red Hat packages should investigate immediately.
arstechnica.com arstechnica.com
 
You must log in or register to reply here.

Members online

No members online now.
Total: 62 (members: 0, guests: 62)

Latest Posts

Forum statistics

Threads
26,696
Messages
174,453
Members
20,264
Latest member
TRENT310
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top