[defraudbah]

i installed a lot of cra* from aur in the past, wouldn't be surprised if i got a malware somewhere. Strange thing, I don't think open snitch would even help in such situation..

and official repo does not have enough packages to run arch :\ I don't want to go back to ubuntu

[gus_]

I haven't taken a look at the malware, but it seems to download files from the Internet so it should have warned you to allow/deny the outbound connections.

It'd be nice to test it with a sample of aur package/malware.

[defraudbah]

it does, I am using it extensively (little snitch on mac, and open snitch on linux). My problem with it is that every new tool wants to connect to the internet and my terminal is the constant source of outbound connections. I try to review everything but the amount of tools and connections is overwhelming. It does limit the risk, but i do not trust my terminal and dev tools as usually i give them way too many permissions and any plugin or tool from AUR can contain malware

PS. Regarding downloading files from internet, every self-update tool does that nowadays, it becomes more common because of apple/others stores policies. I created a few remote control tools and it is very very difficult to caught them, and I am not even a professional malware researcher. Things they do is beyond understanding of average superuser