this post was submitted on 14 Jun 2026
Linux
CachyOS, which is one of the fastest growing distros and gets haphazardly recommended to tons of gaming refugees, ships with paru by default. Millions of forums, search results and LLM outputs encourage those same users to install stuff from AUR.
Any Arch distro that has a sizeable non-technical user base should know better than to ship or encourage using AUR. Shit like this is how we kill the “Year of the Linux desktop”.
This is exactly how we make the year of Linux happen. For an alternative OS to enter the mainstream it needs to be at the level of Windows, so it should have lots of malware around.
The problem is the delivery mechanism. Malware is quite rare in Linux because we trust the maintainers. Unlike in Windows, where you're normalized to download executables off of the internet.
Edit: What I meant is: notice that the attacks on Linux are almost always supply-chain based and not direct malware downloads, be it via typosquat, package manager repository hijacking, or even a long game like xz.