`acroread` package compromised in AUR

An attacker took over maintenance for the orphaned acroread package in Arch Linux’s AUR and added code designed to fetch malware from the public internet in user’s systems.

Impact

System information might have leaked to the attacker
Account suspended and commit reverted

Type of compromise

Malicious adoption

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.