 |
Last week we reported on malware being uploaded to the Arch User Repository (AUR). While initial reports indicated there were around 400 packages affected, since then additional attacks have impacted more packages. In response, the AUR maintainers have disabled new account sign-ups in an effort to stop the flow of sabotage. FOSS Force reports: "Initial reports were that 400 packages were affected, that AUR's maintainers went into high gear, and took care of the problem. By the end of the story's first chapter, the total number of affected packages sat at 1,500 packages. Case closed. After that, we heard about another round, this time more sophisticated and harder to detect. There were obviously additional packages involved, but not much emphasis on keeping a running count, although there were some numbers floating around." |