this post was submitted on 01 Aug 2025
82 points (93.6% liked)

Linux

8723 readers
448 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
82
Arch Linux Users at Risk Again as AUR Hit by Another RAT (news.itsfoss.com)
submitted 1 day ago by cm0002@programming.dev to c/linux@programming.dev
33 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] generator@lemmy.zip 18 points 1 day ago* (last edited 1 day ago) (5 children)

That's why you shouldn't blindly trust AUR, and always review the scripts before installing.

But something needs to change:

  • packages need to be reviewed (maybe also updates on new/untrusted users)
  • New package adoption need to be reviewed
  • Trusted users don't need package review
  • Trusted users can review new packages (from other users)

This won't stop here, more malware packages will appear, arch and Linux in general is getting more users and becoming a target, not only ArchLinux AUR but also other distros with custom repositories. Many users install packages from custom repositories blindly, or follow guides without any knowledge what they do.

2025 is the year of malware on Linux

[–] TeddE@lemmy.world 7 points 21 hours ago (2 children)

This is absolutely a shortcoming of Arch - but I don't see it getting fixed soon. Your change is practical, and could reduce the attack surface for bad actors, but it also introduces gatekeeping and would slow down time from code change to deployment. The open community and blazing fast end-to-end turnaround are both Arch key features (in my opinion).

If you prefer more vetted code, there's other great distros (Debian leaps to mind).

But honestly - yes, some people got hurt - but it was addressed in a day. That's not a bad turnaround ~ I've certainly seen that damage wrought by Windows- and iOS-based malware run at least that long.

This can be seen as the system working as intended. Please don't run Arch on mission critical systems. There's other distros for that. While this vulnerability is Arch-specific, this OS is often a canary for others. But if you can tolerate being on the frontier, Arch is very well documented and is great for learning - and yes it has some risk.

[–] generator@lemmy.zip 5 points 20 hours ago* (last edited 20 hours ago) (1 children)

Arch also warns uses about AUR, use at at your own risk, and can break your system.

My approach isn't definitely not the best solution, I was saying this is only the beginning, and with other arch based distros also using AUR only gets worse, if there's any moderation and some kind of package control before publishing then when thins get real bad maybe too late and arch starts loosing users.

Now is just some packages, later could be some popular package take overs or some kinda spoofing of other packages.

I use arch BTW (since 2011), and ~~Debian~~ Armbian on Raspberry Pi, one is rock solid the other sometimes break with updates

[–] TeddE@lemmy.world 3 points 19 hours ago

I think we're broadly in agreement here, and I think both our statements are important to the Linux discussion. Moreover, we're not speaking privately - I wish I could direct recent converts from Windows to this thread as a whole, as you offer good advice - be wary of your sources & learning how to inspect gifts you're offered is excellent advice.

load more comments (2 replies)