cm0002@europe.pub to Linux@programming.dev · 12 days agoThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comexternal-linkmessage-square40fedilinkarrow-up1179cross-posted to: gaming@lemmy.ziplinux@lemmy.ml
arrow-up1179external-linkThe security situation with the Arch Linux AUR got a lot worsewww.gamingonlinux.comcm0002@europe.pub to Linux@programming.dev · 12 days agomessage-square40fedilinkcross-posted to: gaming@lemmy.ziplinux@lemmy.ml
minus-squarejobbies@lemmy.ziplinkfedilinkarrow-up28·12 days agoI’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
minus-squarebrucethemoose@lemmy.worldlinkfedilinkarrow-up16·edit-212 days agoIt seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right? Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.
I’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this
It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?
Thats why they used npm; off the shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.