Virual@lemmy.dbzer0.com to Linux@lemmy.mlEnglish · 14 days agoArch Linux's AUR Sees More Than 400 Packages Compromised With Malwarewww.phoronix.comexternal-linkmessage-square86linkfedilinkarrow-up1268arrow-down10cross-posted to: technology@lemmy.worldarchlinux@lemmy.ml
arrow-up1268arrow-down1external-linkArch Linux's AUR Sees More Than 400 Packages Compromised With Malwarewww.phoronix.comVirual@lemmy.dbzer0.com to Linux@lemmy.mlEnglish · 14 days agomessage-square86linkfedilinkcross-posted to: technology@lemmy.worldarchlinux@lemmy.ml
minus-squarechgxvjh [he/him, comrade/them]@hexbear.netlinkfedilinkEnglisharrow-up2·13 days agoI don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.
minus-squareAatube@kbin.melroy.orglinkfedilinkarrow-up2·13 days agoit’s bypassing the normal place to download (in the PKGBUILD) and doing so in a place that’s unsandboxed instead (in the .install file, not the PKGBUILD) when it didn’t need to do that before
I don’t think it’s immediately obvious that the PKGBUILD installing some shit with npm is malware.
it’s bypassing the normal place to download (in the PKGBUILD) and doing so in a place that’s unsandboxed instead (in the .install file, not the PKGBUILD) when it didn’t need to do that before