News [LWN.net] [$] AURpocalypse now: a look at the recent AUR attacks

LinuxBot

The Arch User Repository (AUR) has been subjected to a sustained attack recently. The attacker, or attackers, have spun up a series of new accounts then used them to adopt orphaned packages and push malicious updates that would install malware on users' systems. It is unclear how many users were compromised in the attack, but the maintainers were playing Whac-A-Mole for several days to respond to each newly compromised package. The project has turned off the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes to its existing collaboration model.

Source: https://lwn.net/Articles/1077619/

Aggregated via Linux News
 

