There has been some discussion going on in this topic that might be of intrest to you.
1 Like
It was a pretty āhonestā form of malware I guessā¦ clearly advertised and made pretty obvious. Posting about it on reddit was also an interesting move 
1 Like
Donāt forget to read the .install file as well if itās listed in the PKGBUILD. Itās just a bash script which is triggered by install /update events and run as root so malicious code could easily be hidden there. Iāve never found any but I always look.
Iāve settled on Yay, Pacseek, and Octopi (in that order). Iāve also just read about Bauh, which looks interesting.
The blessing/curse of the AUR is that anyone can submit packages for distribution.
1 Like
yay -Syu pamac-aur (Is this good?)
Also how can one update without having to confirm -Y
Thanks 
You should not do this on an Arch-based distro.
You will sometimes receive prompts during an update that are important. You should always read them carefully.
4 Likes
The standard advice would be no, because it gives you pamac.
Pamac has known problems with parsing upgrades - sometimes forcing the replacement of repository packgaes with AUR variants as well as other issues.
Pamac is not a frontend for the standard package manager pacman.
When I last looked at bauh a few months ago it had hard-coded buttons for manjaro-specific tools (pacman-mirrors) and a number of the initiation buttons also forced partial-upgrades and/or forced refresh unnecessarily. So I would avoid it as well.
Its still up to any given user what to use. But both tools have known problems.
Still the only GUI that seems reasonable is octopi - a frontend for pacman and optionally supported aur-helpers like trizen and yay.
3 Likes
How was the Chaos Remote Access Trojan (RAT) discovered in those packages?
And will this is part of the news that is displayed with yay and/or pacman?
Iām still learning myself, but yay is an āaliasā as well as a command. Typing yay has the same effect as typing yay -Syu
I agree with cscs, you should avoid pamac since it was designed for Manjaro users and has had problems with EOS in the past. Octopi is a great GUI frontend for pacman, and I havenāt had any problems using it on EOS.
Honestly, you canāt go wrong using the preloaded commands in the Welcome-app.
2 Likes
When I started with GUI, I appreciated a graphic display which offered all possiblitiesā¦ with the pamac GUI it seemed brilliant, search āplexā and you can see any flatpaks, AUR entries alongside official repos.
However, it had serious issues actually parsing results - in short, it is crap for that - and thatās the ONLY good reason I can think of for not using a browser to search for software - especially when itās already far superior for browsing software.
New discovery google-chrome-stable
https://www.reddit.com/r/archlinux/comments/1me632m/is_this_another_aur_infect_package/
Wow thatās no good
But then again ,what linux user want to install chrome huh ??
1 Like
And this was one of the consequences we hoped not to manifest from all the low-effort news cyclers copying eachother and blasting the last story into the atmosphere. 
At least it appears some folks have realized its a good time to be extra vigilant and taken it upon themselves to scrutinize the new ones coming in.
^^ silver lining indeed.
How can one check and confirm if Chaos Remote Access Trojan (RAT) has infected a linux machine? And how to disinfect the machine.
Some articles are saying to looking for entries in /etc/crontab. But EOS does not use it. Is there any info that can be used.
Also apart from being careful of what is downloaded from AUR, what are the other mechanism that can be used to prevent this infection?
Someone mentioned to try:
āpacman -Q | moreāā¦and view the list.
Also someone said to run ātopsā, if systemd is ontop then something isnāt right but im not sure as systemd is always part of the main processors like xwayland etc.
If we are just trying to view the entirety of the installed packages then probably add an extra q;
pacman -Qq
But we could search..
pacman -Qqs google-chrome-stable
We could similarly check history, which would not rely on it currently being installed ..
grep 'google-chrome-stable' /var/log/pacman.log
As to investigating or remedying fallout from possible infection.. I would need to know what it actually had/did. I dont have that information.
All of these tips are fine. But it still does not resolve the problem of having malicious and malware packages being uploaded into AUR. Also being wary of newly uploaded packages or packages updated by new users also does not solve the problems. The Bad actors will go after inactive accounts or packages to infect AUR.
There needs to be an alternative to this.
1 Like
It has always been like this, youāre supposed to be aware of what youāre doing with AUR packages, if not, donāt use them, thereās no point to complain.
Arch is not a distro for newbies, but itās not that difficult to check the source in a PKGBUILD, if youāre unable to do it, stick to the official repos.
1 Like
There are a few
The easiest, Donāt install packages from the AUR.
Going to install anyway. Read up on what you are installing. Make sure itās the package you actually want. Donāt know ASK. Why is it everyone wants freedom but no one wants the responsibility of such?
YOU are responsible for what gets put on YOUR system. IF you donāt know what your doing, Educate yourself.
2 Likes