The security situation with the Arch Linux AUR got a lot worse
External link: www.gamingonlinux.com
cm0002@europe.pub to Linux@programming.dev · 10 hours ago · cross-posted to: linux@lemmy.ml, gaming@lemmy.zip

jobbies@lemmy.zip · 9 hours ago
I’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this

brucethemoose@lemmy.world · 7 hours ago (edited)
It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?
That’s why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.