Arch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) were used to install the CHAOS remote access trojan (RAT) on Linux devices.
The packages were named "librewolf-fix-bin", "firefox-patch-bin", and "zen-browser-patched-bin," and were uploaded by the same user, "danikpapas," on July 16.
The packages were removed two days later by the Arch Linux team after being flagged as malicious by the community.
"On the 16th of July, at around 8pm UTC+2, a malicious AUR package was uploaded to the AUR," warned the AUR maintainers.
"Two other malicious packages were uploaded by the same user a few hours later. These packages were installing a script coming from the same GitHub repository that was identified as a Remote Access Trojan (RAT)."
Arch Linux users told to purge Firefox forks after AUR malware scare
Remcos RAT Masquerade as VeraCrypt Installers Steals Users Login Credentials
