[-] brucethemoose@lemmy.world 14 points 1 day ago* (last edited 1 day ago)

Holy heck, I barely dodged this.

I don't have many AUR packages installed, but graalVM JDK8 was one of them and infected, and I did a paru update recently. Fortunately (looking at my update history) it wasn't upgraded, so the package must not have been compromised just yet. Or maybe already rolled back, not sure.

I narrowly dodged a similar bullet with PyTorch nightly from PyPI, not that long ago.


…It’s a good lesson, I guess. Shrink my AUR list to the absolute bare minimum, small enough to check PKGBUILDs closely, and uninstall npm.

EDIT: And freaking use Docker and Flatpak, and partition my finances.

this post was submitted on 12 Jun 2026