On Sat, 13 Jun 2026, at 8:31 PM, Edmund Lodewijks wrote:
> Hallo!
> 
> Reporting AUR package: caja-deja-dup-bzr
> 
> Just found this one, a former package of mine that I apparently still 
> receive updates for:
> 
> caja-deja-dup-bzr 
> <https://aur.archlinux.org/cgit/aur.git/log/?h=caja-deja-dup-bzr>
> 
> Perhaps a script that checks all uploads via SSH / changes on disk, and 
> flags any addition of 'bun' etc?
> 
> Kind regards,
> Edmund
> 
> 
> -- 
> Edmund Lodewijks <[email protected]>
> TZ: UCT+2 / GMT+2
> 

The malicious code in this is lightly obfuscated using string concatenation in 
the post install hook to avoid basic pattern matching using grep, etc. Is that 
new?

Reply via email to