This is why you do not run KDE on a PC. Use Xfce 4 instead and a more secure distribution like Alma Linux that is more reliable. This is a joke, first the KDE screensaver with malicious code and now this. This is not looking good. Why can a theme run malicious code in the first place? You should not be able to upload and make a theme available until it has been vetted for dangerous code and other exploits. This is pretty simple. Gnome does not have this issue and neither does Xfce 4. So do not install Global Themes on KDE Plasma 6 unless you want your data wiped from your user account. This is pretty simple is it not? Gnome and Cinnamon are much more reliable anyway. Gnome has a lot of very nice themes and icons available. Installing them does not wipe all of your data. Installing a global theme on KDE can run a bash script that could do anything the coder wanted and this is a big security risk. So please stay away from them at all costs. Chinese hackers could exploit this and spread malware and rootkits.
This is not a good look for free software in any respect. Security needs to be much higher.
This is the code in question.
if(cmd.indexOf("save.sh") != -1 || cmd.indexOf("rm -Rf") != -1) { listView.forceLayout(); loadMask.visible = false; col1.enabled = true; } |
This theme has been removed from the KDE theme store, but this is not the last one considering everyone knows how to execute code this way, others will try this. The KDE store must be properly curated to block malicious code from being implemented in the future. Letting everyone upload the code as they please is not the way to go.