On July 16th, 2023, several malicious packages were uploaded to the Arch User Repository (AUR) of Arch Linux, leading to the installation of a Remote Access Trojan (RAT) on affected systems. The packages in question were librewolf-fix-bin, firefox-patch-bin, and zen-browser-patched-bin. The malicious code was sourced from a GitHub repository, and the first package was uploaded around 8 PM UTC+2, followed by two additional packages a few hours later.
Upon discovering the threat, the Arch Linux team acted swiftly to remove the compromised packages. By July 18th at approximately 6 PM UTC+2, all malicious entries had been eliminated from the AUR. Users who installed any of the affected packages are strongly advised to uninstall them immediately and verify their systems for any signs of compromise.
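One way to check whether a machine ever installed the three packages named above, as an added example and not something published by Arch Linux: the function reads a pacman log (assumed to be at the default `/var/log/pacman.log`) and reports the last recorded action for each package. The sample log lines, timestamps and version strings are constructed.

```shell
#!/bin/sh
# Added example: audit a pacman log for the package names listed in the article.
AFFECTED="librewolf-fix-bin firefox-patch-bin zen-browser-patched-bin"

# Print "<package> <last action> <timestamp>" for every affected package
# found in the log. Returns 1 if any of them was not removed afterwards.
# Usage: audit_pacman_log /var/log/pacman.log   (use "-" to read stdin)
audit_pacman_log() {
    awk -v affected="$AFFECTED" '
        BEGIN { n = split(affected, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # Transaction lines look like: [timestamp] [ALPM] installed name (version)
        $2 == "[ALPM]" && ($3 == "installed" || $3 == "reinstalled" || $3 == "upgraded" || $3 == "removed") && ($4 in want) {
            state[$4] = $3      # keep only the most recent action
            when[$4] = $1
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                p = a[i]
                if (p in state) {
                    print p, state[p], when[p]
                    if (state[p] != "removed") rc = 1
                }
            }
            exit rc
        }
    ' "${1:-/var/log/pacman.log}"
}

# Constructed sample log (not real data) in the pacman log line format.
sample_log() {
    cat <<'EOF'
[2023-07-16T20:41:10+0200] [ALPM] installed librewolf-fix-bin (1.0-1)
[2023-07-16T23:05:52+0200] [ALPM] installed firefox-patch-bin (1.0-1)
[2023-07-17T09:12:00+0200] [ALPM] upgraded firefox (115.0-1 -> 115.0.2-1)
[2023-07-18T18:30:44+0200] [ALPM] removed firefox-patch-bin (1.0-1)
EOF
}
```

A last action of `removed` only shows that the package itself is gone; any host that appears in the output at all still needs the compromise check the advisory asks for.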
In light of this incident, it is crucial for users to remain vigilant when downloading packages from repositories, even those that are community-driven like the AUR. Regularly checking for updates, using trusted sources, and employing security measures can help mitigate the risks associated with malware. Furthermore, this event highlights the importance of community reporting and swift response in open-source ecosystems, underscoring the need for continuous monitoring and security protocols in software distribution platforms.
Malware found in Arch User Repository
Arch Linux AUR packages containing malicious code were uploaded to the Arch User Repository on July 16th, resulting in the installation of a Remote Access Trojan script. The impacted packages consist of librewolf-fix-bin, firefox-patch-bin, and zen-browser-patched-bin. The Arch Linux team has efficiently resolved the issue, and users are advised to uninstall the packages.