[$] AURpocalypse now: a look at the recent AUR attacks
The Arch User Repository (AUR) hasbeen subjected to a sustained attack recently. The attacker, or attackers, havespun up a series of new accounts then used them to adopt orphanedpackages and push malicious updates that would install malware on users' systems.It is unclear how many users were compromised in the attack, but the maintainerswere playing Whac-A-Mole for several days to respond to each newly compromisedpackage. The project has turnedoff the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes toits existing collaboration model.