Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Found in Arch Linux AUR Package Repository (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

An anonymous reader shares a report: Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages. The malicious code has been removed thanks to the quick intervention of the AUR team. The incident happened because AUR allows anyone to take over "orphaned" repositories that have been abandoned by their original authors. On Saturday, a user going by the pseudonym of "xeactor" took over one such orphaned package named "acroread" that allows Arch Linux users to view PDF files. According to a Git commit to the packag's source code, xeactor added malicious code that would download a file named "~x" from ptpb [dot] pw, a lightweight site mimicking Pastebin that allows users to share small pieces of texts.

2 of 69 comments (clear)

  1. Why so little malware? by Anonymous Coward · · Score: 2, Insightful

    I'm more interested in why there is so little malware. I would have expected lots of malware without any packages needing to be hijacked.

  2. Caught within 1-3 hours. Phone apps stay for month by raymorris · · Score: 4, Insightful

    He was caught within a few hours, because all changes all public:

    https://aur.archlinux.org/cgit...

    Possibly bad guys would rather add trojans to iPhone and Android apps, which may stay in the store for months without detection. You can't tell what changes have been made to compiled apps you download on iPhone, Android, or Windows.