cm0002@europe.pub to Linux@programming.dev · 1 day agoThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comexternal-linkmessage-square36linkfedilinkarrow-up1161arrow-down14cross-posted to: linux@lemmy.ml
arrow-up1157arrow-down1external-linkThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comcm0002@europe.pub to Linux@programming.dev · 1 day agomessage-square36linkfedilinkcross-posted to: linux@lemmy.ml
minus-squarejobbies@lemmy.ziplinkfedilinkarrow-up28arrow-down1·1 day agoI’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
minus-squarebrucethemoose@lemmy.worldlinkfedilinkarrow-up15·24 hours agoIt seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right? Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.
I’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?
Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.