On 5/28/26 7:28 AM, Fabio Loli wrote:
On 27/05/26 21:31, Claudia Pellegrino wrote:
> Hi Fabio,
>
> Thanks for the report! I can confirm that the NPM package delivered by the install script contains malware in its preinstall binary. [1]
>
> pkgbuild plex-media-player has been updated to include: […]
>
> Duplicates uploaded today, always by new suspicious accounts, are:
> plex-media-player-v2
> plex-media-player-mod
> plex-media-player-custom
> They also have 'npm install crypto-javascript' in the .install file.
>
> I have deleted the three new packages and cleaned up the malicious commit on plex-media-player via force push.
>
> The accounts responsible for the malicious commits have been suspended. I have also reported the infected package on NPM.
>
> Thanks again for your help. Much appreciated!
>
> [1]: https://socket.dev/npm/package/crypto-javascript/overview/4.3.6
>
> Regards
> Claudia

Thanks for your work. The malicious accounts on plex-media-player (abrahamhigueras) and swift-language (klarapavlikova) still own the PKGBUILDs and are active, as far as I can see.
Hey,

Both of these accounts were banned yesterday.

The PKGBUILDs will be orphaned when someone files an orphan request and shows interest in picking them up. Force-disowning them immediately carries the risk that they get instantly re-adopted by a malicious account.
-- Regards, Robin Candau / Antiz
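The thread establishes two concrete facts: the malicious .install file runs `npm install crypto-javascript`, and the payload sits in that npm package's preinstall step. The script below is an added example, not code from the AUR, from any poster in this thread, or from the package in question. It checks for exactly that pattern: it scans an install script for package-manager invocations that fetch from npm at package install time, then inspects a package.json for lifecycle hooks (preinstall/install/postinstall) that would run code on the user's machine. The install script and the manifest it uses are constructed samples; the real plex-media-player files and the real crypto-javascript manifest are not on this page.

```python
"""Flag AUR install scripts that pull npm packages at install time, and
flag npm packages whose lifecycle hooks run code.

Added example. The inputs below are constructed, not the real files
from the plex-media-player PKGBUILD or the crypto-javascript package.
"""
import json
import shlex

# Constructed .install file. The thread only says the real one contains
# 'npm install crypto-javascript'; everything else here is made up.
SAMPLE_INSTALL = """\
post_install() {
    echo "Setting up Plex Media Player..."
    npm install crypto-javascript
    update-desktop-database -q
}
post_upgrade() {
    post_install
}
"""

# Constructed clean .install file for comparison.
SAMPLE_CLEAN_INSTALL = """\
post_install() {
    update-desktop-database -q
}
"""

# Constructed package.json. The real manifest of crypto-javascript 4.3.6
# is not on this page; only the presence of a preinstall hook is known.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "crypto-javascript",
    "version": "4.3.6",
    "scripts": {
        "preinstall": "node ./bin/setup.js",
        "test": "mocha",
    },
})

# Package-manager commands that fetch and install packages from npm.
PACKAGE_MANAGERS = {
    "npm": {"install", "i", "add"},
    "pnpm": {"install", "i", "add"},
    "yarn": {"install", "add"},
}

# npm hooks that execute during `npm install` without user interaction.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare", "prepublish")


def bare_name(spec: str) -> str:
    """Strip a version suffix: 'pkg@1.2.3' -> 'pkg', '@scope/pkg@1' -> '@scope/pkg'."""
    if spec.startswith("@"):
        return "@" + spec[1:].split("@", 1)[0]
    return spec.split("@", 1)[0]


def npm_installs(install_script: str):
    """Return (line_no, [package specs]) for each line that installs from npm."""
    hits = []
    for line_no, line in enumerate(install_script.splitlines(), 1):
        try:
            argv = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes; skip the line
            continue
        # Skip leading `sudo` and VAR=value prefixes so `sudo npm install x`
        # and `CI=1 npm install x` are still caught.
        while argv and (argv[0] == "sudo"
                        or ("=" in argv[0] and not argv[0].startswith("-"))):
            argv = argv[1:]
        if len(argv) < 2 or argv[0] not in PACKAGE_MANAGERS:
            continue
        if argv[1] not in PACKAGE_MANAGERS[argv[0]]:
            continue
        pkgs = [a for a in argv[2:] if not a.startswith("-")]
        # A bare `npm install` pulls whatever package.json lists.
        hits.append((line_no, pkgs or ["<dependencies from package.json>"]))
    return hits


def lifecycle_scripts(manifest_text: str) -> dict:
    """Return the lifecycle hooks declared in a package.json."""
    scripts = json.loads(manifest_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in LIFECYCLE}


def assess(install_script: str, manifests: dict) -> list:
    """Combine both checks. `manifests` maps package name -> package.json text,
    fetched out of band (here supplied inline as constructed samples)."""
    findings = []
    for line_no, pkgs in npm_installs(install_script):
        for pkg in pkgs:
            name = bare_name(pkg)
            findings.append(f"line {line_no}: installs npm package {name!r} at package install time")
            manifest = manifests.get(name)
            if manifest is None:
                findings.append(f"  no manifest available for {name!r}; fetch and inspect before trusting")
                continue
            for hook, cmd in lifecycle_scripts(manifest).items():
                findings.append(f"  {name!r} runs a {hook} hook: {cmd}")
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_INSTALL, {"crypto-javascript": SAMPLE_PACKAGE_JSON}):
        print(f)
```

Any hit from `npm_installs` on an AUR .install or PKGBUILD is worth a look on its own, since it means the package's contents are decided by the npm registry at install time rather than by the reviewed sources. A lifecycle hook on top of that is the combination described in the thread.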
