this post was submitted on 13 Jun 2026
41 points (100.0% liked)
Arch Linux
289 readers
1 users here now
Discussion community about the Arch Linux distro.
Wiki : https://wiki.archlinux.org/
Site : https://archlinux.org/
Packages : https://archlinux.org/packages/
GitLab : https://gitlab.archlinux.org/archlinux
Downloads : https://archlinux.org/download/
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is this newly submitted packages which are malware, or existing packages which had malware introduced to them? And is there a list of affected packages anywhere?
It looks like they were existing packages.
List here: https://cscs.pastes.sh/raw/aurvulnlist20260611.txt
Got that from: https://discuss.cachyos.org/t/aur-compromised-1500-packages-affected-20260611/31040
They have a script that can check if you have any of them.
Thanks, looks like I'm ok
They're existing packages that were abandoned by the original authors and then had ownership claimed by malicious parties