Virual@lemmy.dbzer0.com to Linux@lemmy.mlEnglish · 22 days agoArch Linux's AUR Sees More Than 400 Packages Compromised With Malwarewww.phoronix.comexternal-linkmessage-square86fedilinkarrow-up1270arrow-down10cross-posted to: [email protected][email protected][email protected]
arrow-up1270arrow-down1external-linkArch Linux's AUR Sees More Than 400 Packages Compromised With Malwarewww.phoronix.comVirual@lemmy.dbzer0.com to Linux@lemmy.mlEnglish · 22 days agomessage-square86fedilinkcross-posted to: [email protected][email protected][email protected]
minus-squarechgxvjh [he/him, comrade/them]@hexbear.netlinkfedilinkEnglisharrow-up2·22 days agoI don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.
minus-squareAatube@kbin.melroy.orglinkfedilinkarrow-up2·21 days agoit’s bypassing the normal place to download (in the PKGBUILD) and doing so in a place that’s unsandboxed instead (in the .install file, not the PKGBUILD) when it didn’t need to do that before
I don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.
it’s bypassing the normal place to download (in the PKGBUILD) and doing so in a place that’s unsandboxed instead (in the .install file, not the PKGBUILD) when it didn’t need to do that before