Arch contributors are cleaning up a malware incident in the AUR after suspicious updates appeared across several user-maintained packages.

Arch Linux’s AUR is experiencing a malware incident involving user-contributed packages with malicious commits that attempt to download npm-based payloads during installation. (…)

Arch users should not update AUR packages without review. Examine PKGBUILD diffs, check any new .install files, and be cautious if updates introduce npm commands or dependencies unrelated to the software.

Users who recently updated affected AUR packages should review package history, examine executed suspicious install scripts, and treat any unexpected npm-based installation behavior as a possible compromise.

  • sanpo@sopuli.xyz
    13·
    11 hours ago

    What a terrible article.

    “Multiple” packages mentioned in the title, but they’re unable to actually name more than one in the article…

    //edit
    Actually, they did leave a link to the mailing list thread at the very end.
    I should learn to read the entire article…

    • Bananskal@nord.pubEnglish
      2·
      9 hours ago

      I was wondering why you felt that way 😅 Usually this source produces good content lol