434
400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers
(cybersecuritynews.com)
this post was submitted on 12 Jun 2026
434 points (99.8% liked)
Technology
85391 readers
3730 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wow, I have 229 AUR packages installed but none of them is on the infected list!
Am I just lucky?
Holy shit lol...
i have a few machines and lots of aur packages and none of mine have a single hit either
Check again, it's around 1500+ packages now.
How do you guys check against that list? Especially when people have so many aur packages. I simply searched the list for each package manually but I only have 5. Do you write scripts?
So far I've just checked the diff of every package update. But with that many, I think we should maybe start using using the script provided in the article that you evidently didn't read.
I read another article before which did not mention the script but only listed all affected packages. So yeah I should read this article :)
typical arch user, doesn't know how to use grep.