Subj : More malware uploaded to Arch Linux AUR (Linuxiac)
To   : All
From : LWN.net
Date : Fri Aug 01 2025 16:30:07

More malware uploaded to Arch Linux AUR (Linuxiac)

Date:
Fri, 01 Aug 2025 15:17:03 +0000

Description:
Linuxiac reports that another malicious package has been uploaded to the Arch 
User
Repository (AUR). This time around the package was google-chrome-stable , 
which installed a remote-access trojan 
along with Google Chrome. The good newsif you can call it thatis that the 
google-chrome-stable package was available on the AUR only for a few hours 
before the
malware hidden inside was discovered. Still, it did get a few upvotes,
which suggests at least some users ended up installing it. The Arch Linux 
project had to warn users about a similar attack less than a month
ago when a user uploaded three browser packages that also
installed a malicious script identified as a remote-access trojan.

======================================================================
Link to news story:
https://lwn.net/Articles/1032193/


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.