On 2026-06-13 21:41, Benoît Zugmeyer wrote:
Those packages are likely compromised (all from a malicious user charlottedurand <https://aur.archlinux.org/account/charlottedurand>):
I took care of these, thanks.
The malicious code in this is lightly obfuscated using string concatenation in the post install hook to avoid basic pattern matching using grep, etc. Is that new?
That’s new, yes. -- tippfehlr
OpenPGP_signature.asc
Description: OpenPGP digital signature
