First reported by Hacker News
Over 400 AUR Packages Compromised with Infostealer and Rootkit by Malicious Maintainer

Arch Linux AUR hit by wave of malware-infected package descriptions

By Sylvester Tremmel

1d ago · 3 min read · en · News

Summary

The Arch User Repository (AUR) is experiencing a large-scale attack where malicious actors have taken over hundreds of orphaned package descriptions (PKGBUILDs), injecting malware into them and publishing them as new versions. The Arch Linux maintainers are responding by calling for user reports and conducting a mass deletion campaign to remove the malicious updates and block the attackers' accounts. The AUR differs from official repositories as it contains build descriptions rather than pre-built packages, making it more vulnerable to such attacks when packages become orphaned.

Key quotes

The Arch User Repository (AUR) is facing an extensive wave of attacks.
Attackers have taken over hundreds of orphaned package descriptions, added malware, and published them in new versions.
The Arch maintainers are counteracting with a call for reports and a large-scale deletion campaign to remove malicious updates and block accounts used by the attackers.
Snippet from the RSS feed
Arch Linux defends itself against a wave of attacks that have massively contaminated package descriptions in the unofficial Arch User Repository with malware.

You might also wanna read

Arch Linux AUR Malware Incident: Over 1,500 Packages Compromised, Now Under Control

Arch Linux's AUR (user-contributed repository) experienced a major malware incident that started with over 400 compromised packages and esca

phoronix.com·9h ago

Over 400 AUR Packages Compromised with Infostealer and Rootkit by Malicious Maintainer

A new AUR (Arch User Repository) package maintainer named "arojas" has compromised over 400 packages by adopting and infecting them with inf

discourse.ifin.network·1d ago

Malicious Malware Found in AUR Packages - Aur-general

A malicious AUR package containing malware was discovered in firefox-patch-bin, librewolf-fix-bin, and zen-browser-patched-bin AUR packages

lists.archlinux.org·11mo ago

Nx Build Kit Security Breach: Malware Steals Wallets and Credentials via GitHub Repositories

A security breach has been discovered in the popular Nx build kit where malicious post-install commands create unauthorized repositories nam

semgrep.dev·9mo ago

Growing Threat of Malicious Attacks via Open-Source Packages

Malicious attacks using open-source packages are a growing threat, with cybercriminals exploiting repositories like PyPI and npm. Despite in

securelist.com·11mo ago

Arch Linux Achieves Bit-for-Bit Reproducible Docker Image with New 'Repro' Tag

Arch Linux has achieved a significant milestone by creating a bit-for-bit reproducible Docker image, distributed under a new 'repro' tag. Th

antiz.fr·1mo ago