Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages (www.phoronix.com)

Posted by rafssunny@lemmy.zip to Technology@lemmy.world · English · 2 days ago · 56 comments

brokenwing@discuss.tchncs.de · 1 day ago (edited)

What to do if I found a package I installed to be in that list? libgdata to be specific?

Edit: Seems that the libgdata package was last installed on March 05.

Petersson@feddit.org · 2 days ago (edited)

Have a check if you updated it recently (PKGBUILD history, about June 10-12). If not you’re fine.

If:

- Rotate all credentials — browser passwords, SSH keys, API tokens, and cloud access keys
- Scan for suspicious processes masquerading as kernel threads using tools like rkhunter or chkrootkit (E: It’s supposed to be an eBPF rootkit)

(reference)

Personally I would reset everything if I got anything, to kill both any infection and my paranoia. Then reset credentials.

ilmagico@lemmy.world · 2 days ago

Was it installed from the aur? If not, you’re fine

A_norny_mousse@piefed.zip · 2 days ago

Probably reinstall (all is supposed to be fixed as of over 12h ago). This time check the PKGBUILD and also whichever (git) repo the software is pulled from.

See if infected versions of npm packages atomic-lockfile and js-digest are installed.

See here: https://bbs.archlinux.org/viewtopic.php?id=313892
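
Added example, not written by any commenter in this thread: a shell function combining two checks suggested above, listing packages from outside the official repositories that were installed or upgraded inside a date window, read from a pacman log. The sample log, the year 2025 (the thread gives none), the version strings and the names `examplepkg-bin` and `othertool-git` are constructed; the log line layout is assumed to be the ISO-timestamp form `[timestamp] [ALPM] action package (version)`.

```shell
# aur_events_in_window LOGFILE FOREIGN_LIST START END
#   LOGFILE       pacman log (normally /var/log/pacman.log)
#   FOREIGN_LIST  one package name per line, e.g. saved from `pacman -Qqm`
#   START, END    inclusive window, YYYY-MM-DD
# Prints "DATE ACTION PACKAGE" for each foreign package touched in the window.
aur_events_in_window() {
    awk -v start="$3" -v end="$4" '
        # First file: remember the names of foreign (non-repo) packages.
        FILENAME == ARGV[1] { foreign[$1] = 1; next }
        # Second file: keep only ALPM install/upgrade events for those names.
        $2 == "[ALPM]" &&
        ($3 == "installed" || $3 == "upgraded" || $3 == "reinstalled") &&
        ($4 in foreign) {
            day = substr($1, 2, 10)           # YYYY-MM-DD out of "[2025-06-11T..."
            if (day >= start && day <= end)   # ISO dates sort correctly as strings
                print day, $3, $4
        }
    ' "$2" "$1"
}

# Constructed sample log: not taken from any real system.
sample_log() {
cat <<'EOF'
[2025-03-05T18:40:11+0100] [ALPM] installed libgdata (0.18.1-4)
[2025-06-09T08:02:55+0200] [ALPM] upgraded examplepkg-bin (1.0-1 -> 1.0-2)
[2025-06-11T09:14:02+0200] [ALPM] upgraded examplepkg-bin (1.0-2 -> 1.1-1)
[2025-06-11T09:14:03+0200] [ALPM] upgraded openssl (3.5.0-1 -> 3.5.1-1)
[2025-06-12T21:30:47+0200] [PACMAN] Running 'pacman -Syu'
[2025-06-12T21:31:10+0200] [ALPM] installed othertool-git (r12.abc1234-1)
EOF
}

# Runs the check against the constructed data so the block works offline.
demo() {
    tmp=$(mktemp -d) || return 1
    sample_log > "$tmp/pacman.log"
    printf '%s\n' examplepkg-bin othertool-git > "$tmp/foreign.txt"
    aur_events_in_window "$tmp/pacman.log" "$tmp/foreign.txt" 2025-06-10 2025-06-12
    rm -rf "$tmp"
}
demo
```

On a real system, save `pacman -Qqm` to a file and pass it with `/var/log/pacman.log`; `-Qm` lists every package not found in the sync databases, so manually built packages appear alongside AUR ones. A line in the output is a reason to inspect that package's PKGBUILD history, not proof of compromise.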