On 6/11/26 9:50 AM, Mark Wagie wrote:
> A new Maintainer adopted gnome-randr-rust and added an install file with the
> following:
> 
> npm install atomic-lockfile yargs
> 
> https://aur.archlinux.org/cgit/aur.git/commit/?h=gnome-randr-
> rust&id=da9f4cf2d470bd603968ef605736285a2e0c8880 <https://aur.archlinux.org/
> cgit/aur.git/commit/?h=gnome-randr-rust&id=da9f4cf2d470bd603968ef605736285a2e0c8880>


More malware packages recently pushed:
- fastjet
- lowfi-bin
- gnutls3.8.9

User: martinaritter

Each of these had the malicious npm install atomic-lockfile added.

Best Regards,
AlphaLynx

Attachment: OpenPGP_signature.asc
Description: PGP signature

Attachment: OpenPGP_0x100ED08AC2F74784.asc
Description: application/pgp-keys

Reply via email to