https://lwn.net/Articles/759461/ This is a special feed containing comments posted to the individual LWN article titled "Malware found in the Arch Linux AUR repository". en-us Sun, 21 Sep 2025 23:58:09 +0000 Sun, 21 Sep 2025 23:58:09 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/759585/ https://lwn.net/Articles/759585/ XTerminator It is not a surprise that a publically accessible repository contains malware. There is no vetting involved in creating an AUR account nor in submitting packages to it. AUR == caveat emptor. Always check what you are getting. Thu, 12 Jul 2018 12:15:05 +0000 https://lwn.net/Articles/759582/ https://lwn.net/Articles/759582/ feb <div class="FormattedComment"> That's a typosquatting attack which LWN talked about a few years ago (<a href="https://lwn.net/Articles/694830/">https://lwn.net/Articles/694830/</a>). In the case of Arch AUR packages, there's also the idea of targetting orphaned packages.<br> </div> Thu, 12 Jul 2018 11:50:20 +0000 https://lwn.net/Articles/759482/ https://lwn.net/Articles/759482/ jak90 <div class="FormattedComment"> It seems "acrored" is a typo for the Adobe Reader package (acroread) that's sitting back at package version 9.5.5-7 (if one even dares to use this native version of the application, which is no longer supported by or officially available from Adobe).<br> Likewise, submitting "mistyped" packages would seem like a viable compromise vector as well.<br> </div> Wed, 11 Jul 2018 11:50:23 +0000 https://lwn.net/Articles/759477/ https://lwn.net/Articles/759477/ rengolin <div class="FormattedComment"> In case people are looking for, this is the list of the affected packages:<br> * acrored 9.5.5-8<br> * balz 1.20-3<br> * minergate 8.1-2<br> <p> Source: <a href="https://lists.archlinux.org/pipermail/aur-general/2018-July/034169.html">https://lists.archlinux.org/pipermail/aur-general/2018-Ju...</a><br> </div> Wed, 11 Jul 2018 08:51:54 +0000