alt Hacker NewsI wondered about the same thing. Not an answer, but my guess would be that it's just a new package and they hoped someone picked it up by accident? In that case, it was patched with malware :)
I wondered about the same thing. Not an answer, but my guess would be that it's just a new package and they hoped someone picked it up by accident? In that case, it was patched with malware :)
They (or someone in cahoots with them) made at least one attempt [0] to lure readers of the Arch Linux subreddit to the malicious PKGBUILD.
IIRC, the post was just a single paragraph, praising how they “found” the zen-browser-patched-bin package on the AUR and how much it helped them.
[0]: https://www.reddit.com/r/archlinux/comments/1m30py8/aur_is_s...