Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages
20 hours ago
- #Malware Incident
- #Security Alert
- #AUR
- Arch Linux's AUR is experiencing a malware incident involving malicious commits in user-contributed packages.
- Malicious commits attempt to download npm-based payloads during package installation.
- Incident affects only the Arch User Repository (AUR), not official Arch Linux repositories.
- Cleanup efforts are ongoing, with malicious commits removed and accounts banned.
- Users should review PKGBUILD diffs and .install files before updating AUR packages.
- Reports indicate changes adding unrelated npm commands, such as in the alvr package.
- Users who recently updated affected packages should check for suspicious install scripts.
- The community is tracking affected packages and asking for reports of further malicious commits.
- The full scope is still being evaluated; the list of affected packages may change.
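
One way to carry out the diff review recommended above, as an added example that is not part of the original report: a shell function that reads a unified diff and prints every line the diff adds to a PKGBUILD or `.install` file that invokes npm. The function names, the sample diff, `example-pkg` and `placeholder-package` are constructed for illustration; matching `npx` alongside `npm` is an assumption beyond what the report names.

```shell
# Added example: flag lines that a diff ADDS to PKGBUILD or *.install files
# and that invoke npm. Typical use inside an AUR package clone, before merging:
#   git fetch && git diff HEAD FETCH_HEAD | flag_npm_additions
flag_npm_additions() {
    awk '
        /^--- / { hdr = 1; next }          # first line of a file header
        hdr && /^\+\+\+ / {                # second line names the new file
            file = $2; sub("^b/", "", file)
            watched = (file ~ "(^|/)PKGBUILD$" || file ~ "[.]install$")
            hdr = 0; next
        }
        { hdr = 0 }
        watched && /^\+/ {                 # added line in a watched file
            line = substr($0, 2)
            # npm or npx as a whole word (npx is an assumption, see lead-in)
            if (line ~ "(^|[^A-Za-z0-9_-])(npm|npx)([^A-Za-z0-9_-]|$)")
                printf "%s: %s\n", file, line
        }
    '
}

# Constructed sample diff: hypothetical package, placeholder payload name.
sample_diff() {
cat <<'EOF'
diff --git a/PKGBUILD b/PKGBUILD
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,3 +1,4 @@
 pkgname=example-pkg
-pkgver=1.0.0
+pkgver=1.0.1
 pkgrel=1
+install=example-pkg.install
diff --git a/example-pkg.install b/example-pkg.install
--- /dev/null
+++ b/example-pkg.install
@@ -0,0 +1,3 @@
+post_install() {
+    npm install placeholder-package
+}
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
 # example-pkg
+Build the docs with npm run docs
EOF
}

sample_diff | flag_npm_additions
```

A hit is only a prompt to read the surrounding change by hand; packages that legitimately build with npm will also match.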