cm0002@europe.pub to Linux@programming.dev · 2 days agoThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comexternal-linkmessage-square41linkfedilinkarrow-up1177arrow-down15cross-posted to: linux@lemmy.ml
arrow-up1172arrow-down1external-linkThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comcm0002@europe.pub to Linux@programming.dev · 2 days agomessage-square41linkfedilinkcross-posted to: linux@lemmy.ml
minus-squarejobbies@lemmy.ziplinkfedilinkarrow-up28arrow-down1·2 days agoI’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
minus-squarebrucethemoose@lemmy.worldlinkfedilinkarrow-up15·2 days agoIt seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right? Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.
I’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?
Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.