this post was submitted on 12 Jun 2026
240 points (99.6% liked)
Linux
14120 readers
234 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
~~Users can check if they're already compromised with
pacman -Q | grep alvrI think maybe?~~ EDIT: No, sorry, alvr was just one of countless affected packages. Also, several is an understatement since a huge number of packages are affected.Post with more information here: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/
Oh my, I'm new to Linux and I use CachyOS for my gaming rig at home. Most of the time I have no idea what I'm doing, but shit runs well and I'm happy about it. But how the hell do I check my noob ass if it's compromised?!
I'm not real clear on if this is the case but you could try:
Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
Maybe
pacman -Q | grep atomic-lockfilebecause that appears to be what the threat actor is installing but I'm not really sure if that's how it works...?EDIT: If you really want to play it safe then you could try
yay -R $(pacman -Qmq)to remove every aur package and wait out the storm, just be careful to backup important files.