106
Active AUR malicious packages incident
(archlinux.org)
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
This attack was executed by a script running in the PKGBUILD itself. You didn't have to run the application to be infected since just building it will infect your machine.
Yeah, I bet the build process could also be sandboxed, but Im sure its not the default.
Sandboxing the build process would be a process. Nix already does it, for example. Many AUR packages don't include a full list of dependencies.
It also had an install script that will be run as root when the package is installed. Can't sandbox that.