All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.
First reported by Hacker News
Over 400 AUR Packages Compromised with Infostealer and Rootkit by Malicious Maintainer

Over 400 Arch Linux AUR Packages Compromised in Malware Campaign

By

Written by Michael Larabel in Arch Linux on 12 June 2026 at 06:39 AM EDT. 43 Comments

12h ago· 1 min readenNews
Bagel score 65 of 100
65/100
Toasty
Bagelometer

Right out the toaster. Reliable, with some real depth.

Score65TypenewsSentimentnegative

Summary

A large-scale malware campaign compromised over 400 user-supplied packages in the Arch Linux User Repository (AUR). Arch Linux maintainers have been working to reset/delete malicious content and ban affected accounts since the discovery. The attack only affects AUR packages, not official Arch Linux packages.

Key quotes

· 4 pulled
The Arch Linux User Repository 'AUR' was hit by a large-scale malware campaign this week with more than 400 of these user-supplied packages being compromised.
Since yesterday Arch Linux maintainers have been working to reset/delete all of the malicious content and banning affected accounts.
Over 400 packages are believed impacted by this latest malware campaign for Arch Linux's AUR.
Again, to be completely clear, this just is affecting AUR packages and not the official Arch Linux packages.
Snippet from the RSS feed
The Arch Linux User Repository 'AUR' was hit by a large-scale malware campaign this week with more than 400 of these user-supplied packages being compromised.

You might also wanna read

Over 400 AUR Packages Compromised with Infostealer and Rootkit by Malicious Maintainer

A new AUR (Arch User Repository) package maintainer named "arojas" has compromised over 400 packages by adopting and infecting them with inf

discourse.ifin.network·1d ago

Malicious Malware Found in AUR Packages - Aur-general

A malicious AUR package containing malware was discovered in firefox-patch-bin, librewolf-fix-bin, and zen-browser-patched-bin AUR packages

lists.archlinux.org·10mo ago

NPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times

Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa

arstechnica.com·7mo ago

Multiple @redhat-cloud-services npm packages compromised in supply chain attack

Multiple npm packages under the @redhat-cloud-services scope have been compromised with malicious releases. The affected packages include @r

github.com·11d ago

Growing Threat of Malicious Attacks via Open-Source Packages

Malicious attacks using open-source packages are a growing threat, with cybercriminals exploiting repositories like PyPI and npm. Despite in

securelist.com·11mo ago

Nx Build Kit Security Breach: Malware Steals Wallets and Credentials via GitHub Repositories

A security breach has been discovered in the popular Nx build kit where malicious post-install commands create unauthorized repositories nam

semgrep.dev·9mo ago