Arch contributors are cleaning up a malware incident in the AUR after suspicious updates appeared across several user-maintained packages.

Arch Linux’s AUR is experiencing a malware incident involving user-contributed packages with malicious commits that attempt to download npm-based payloads during installation. (…)

Arch users should not update AUR packages without review. Examine PKGBUILD diffs, check any new .install files, and be cautious if updates introduce npm commands or dependencies unrelated to the software.

Users who recently updated affected AUR packages should review package history, examine executed suspicious install scripts, and treat any unexpected npm-based installation behavior as a possible compromise.

  • Strit@lemmy.linuxuserspace.show
    8·
    11 hours ago

    Which is why users are recommended to audit the PKGBUILD and related files before building and installing the packages. In the end, what happens during the installation of AUR packages are the users responsibility.

    • juipeltje@lemmy.world
      1·
      16 minutes ago

      Yeah admittedly when i was still using Arch at the time i never read the PKGBUILD. For one i was still more of a newb who didn’t understand the PKGBUILD files yet, but it also didn’t seem to be as much of a problem back then (this was like 5 years ago or something). I don’t use Arch or the AUR anymore now though.