cm0002@europe.pub to Linux@programming.dev · 15 days agoThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comexternal-linkmessage-square13linkfedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comcm0002@europe.pub to Linux@programming.dev · 15 days agomessage-square13linkfedilink
minus-squarejobbies@lemmy.ziplinkfedilinkarrow-up0·15 days agoI’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
minus-squarebrucethemoose@lemmy.worldlinkfedilinkarrow-up1·15 days agoIt seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right? Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.
I’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?
Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.