Virual@lemmy.dbzer0.com to Linux@lemmy.mlEnglish · 2 days agoArch Linux's AUR Sees More Than 400 Packages Compromised With Malwarewww.phoronix.comexternal-linkmessage-square85fedilinkarrow-up1264arrow-down10cross-posted to: archlinux@lemmy.mlsecurity@lemmy.mllinux@sopuli.xyz
arrow-up1264arrow-down1external-linkArch Linux's AUR Sees More Than 400 Packages Compromised With Malwarewww.phoronix.comVirual@lemmy.dbzer0.com to Linux@lemmy.mlEnglish · 2 days agomessage-square85fedilinkcross-posted to: archlinux@lemmy.mlsecurity@lemmy.mllinux@sopuli.xyz
minus-squarechgxvjh [he/him, comrade/them]@hexbear.netlinkfedilinkEnglisharrow-up2·2 days agoI don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.
minus-squareAatube@kbin.melroy.orglinkfedilinkarrow-up2·1 day agoit’s bypassing the normal place to download (in the PKGBUILD) and doing so in a place that’s unsandboxed instead (in the .install file, not the PKGBUILD) when it didn’t need to do that before
I don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.
it’s bypassing the normal place to download (in the PKGBUILD) and doing so in a place that’s unsandboxed instead (in the .install file, not the PKGBUILD) when it didn’t need to do that before