**Malware Found On The Arch User Repository (AUR)**

=>>> [aur-general] acroread package compromised

2 Likes

Sad to see. No one s safe on the net I think.

Edit: Since a while.

1 Like

AnonymousJuly 10, 2018 at 9:18 AM

A small typo - It was on July 7 - not June.
The malicious script was removed within approx. 9 hours
Reply
Replies

LogixJuly 10, 2018 at 10:14 AM

Corrected, thank you!
2 Likes

@ector

That s a good thing.

The article offers some advice on what to look for if you’re like me and just kind of do a perfunctory scan without really knowing what exactly to check. If nothing else, focus on the URLs. They will most likely follow a wget or curl command and are the most likely spot to store a malicious script. In this case, the package grabbed a script from Pastebin which should be considered a serious red flag.

That article is rather sensationalist, the ArchWiki clearly advises to check all PKGBUILDs & included files before installing AUR packages:

https://wiki.archlinux.org/index.php/Arch_User_Repository#Build_and_install_the_package