Compromise of 32 Red Hat packages in the NPM registry and 1,577 packages in the AUR repository
A good addition to the collection.
The news needs to be given time to settle, and then the details can be savored.
- Red Hat, RED HAT, CARL!
- GitHub Actions, as usual.
- NPM, we’re already used to it.
- Arch User Repository, now this one is more interesting.
The Return of Shai-Hulud: Red Hat NPM Packages Compromised.
96 versions across 32 packages have been compromised, cumulatively downloaded 116,991 times per week.
1,577 malicious packages in Arch User Repository.
AUR malware report thread.
Analysis of AUR malware.
What do we have as a result?
Red Hat, who would have thought?
AUR, the legitimate repository of the distribution.
If this continues, trust in the main distribution repositories will soon be lost.