A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Is this the first time AUR has been compromised to this degree?
Given how changes are often unvetted, I am surprised this hasn’t occurred before.
I do believe so, yes. There was couple of cases in last year, but never to this extend. If I understand correctly, reading arch thread, it something to do with the fact that anyone can “adopt” orphaned package on AUR. Which is kinda wild.
A lot of the AUR is just build scripts for GitHub repos …