> We strongly encourage users that may have installed one of these packages […] to take the necessary measures in order to ensure they were not compromised.
How are they supposed to do that when you give them no information as to what the malware does?
It says what the malware does: it's a remote access toolkit... It gives control of your machine to the malware operator.
The malware operator could have done anything with that access... There's no way for the maintainers to know what was done on any given infected machine.
It's Arch Linux. The user is expected to do their own due diligence.
In case of any infection, the necessary measures are to take the affected machines offline, extract whatever data you need, and then wipe.
Did you install one of those packages? If yes, nuke from orbit.
More interesting questions are:
- Who was the uploader? A packager? For how long?
- Do they maintain other packages?
- What steps can be taken to ensure that a similar problem doesn't happen in future?