this post was submitted on 12 Jun 2026
216 points (99.5% liked)

[–] FiniteBanjo@programming.dev 17 points 1 day ago* (last edited 23 hours ago) (2 children)

~~Users can check if they're already compromised with `pacman -Q | grep alvr` I think maybe?~~ EDIT: No, sorry, alvr was just one of countless affected packages. Also, several is an understatement since a huge number of packages are affected.

Post with more information here: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/

[–] TheDuke@europe.pub 4 points 15 hours ago (1 children)

Oh my, I'm new to Linux and I use CachyOS for my gaming rig at home. Most of the time I have no idea what I'm doing, but shit runs well and I'm happy about it. But how the hell do I check my noob ass if it's compromised?!

[–] FiniteBanjo@programming.dev 1 points 10 hours ago* (last edited 9 hours ago)

I'm not real clear on if this is the case but you could try:

  1. Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt

  2. Maybe `pacman -Q | grep atomic-lockfile` because that appears to be what the threat actor is installing but I'm not really sure if that's how it works...?

EDIT: If you really want to play it safe then you could try `yay -R $(pacman -Qmq)` to remove every aur package and wait out the storm, just be careful to back up important files.
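
One way to carry out the check described in the comment above, as an added example that is not part of the thread: it intersects the foreign packages reported by `pacman -Qmq` with a downloaded copy of the package list and marks those that `/var/log/pacman.log` shows as installed or upgraded on or after the cutoff. It assumes the list is plain text with one package name per line and that "June 5th" means 2026-06-05 (year taken from the post date); the function names and the HIGH/REVIEW labels are illustrative.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: the published list is plain
# text with one package name per line; the cutoff year comes from the post date.

# on_list LIST INSTALLED: names in INSTALLED (`pacman -Qmq` output) that are in LIST.
on_list() {
    awk 'FILENAME == ARGV[1] {
             sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "")   # tolerate CRLF and padding
             if ($0 != "" && $0 !~ /^#/) bad[$0] = 1
             next
         }
         ($1 in bad) { print $1 }' "$1" "$2" | sort -u
}

# touched_since LOG CUTOFF: packages pacman installed or upgraded on or after
# CUTOFF (YYYY-MM-DD); log lines start with "[YYYY-MM-DD".
touched_since() {
    awk -v cutoff="$2" '
        $2 == "[ALPM]" && ($3 == "installed" || $3 == "upgraded" || $3 == "reinstalled") &&
        substr($1, 2, 10) >= cutoff { print $4 }' "$1" | sort -u
}

# triage LIST INSTALLED LOG CUTOFF: one line per listed package. HIGH means it
# was also installed or upgraded inside the window; REVIEW means name match only.
triage() {
    recent=$(touched_since "$3" "$4")
    on_list "$1" "$2" | while IFS= read -r pkg; do
        if printf '%s\n' "$recent" | grep -Fxq -- "$pkg"; then
            printf '%s\tHIGH: on list, changed since %s\n' "$pkg" "$4"
        else
            printf '%s\tREVIEW: on list, no change logged since %s\n' "$pkg" "$4"
        fi
    done
}

# Real use on an Arch-based system: sh aur_triage.sh /path/to/downloaded_list.txt
if [ -n "${1:-}" ] && command -v pacman >/dev/null 2>&1; then
    inst=$(mktemp)
    pacman -Qmq > "$inst"
    triage "$1" "$inst" /var/log/pacman.log 2026-06-05
    rm -f "$inst"
fi
```

A name match shows only that a package of that name is on the list; it does not by itself show that the installed build was a malicious one.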

[–] Grass@sh.itjust.works 5 points 1 day ago (4 children)

alvr as in the vr streaming program for standalone headsets? that's kind of a niche among niches. Linux VR users with standalone vr headsets that use that specific method.

[–] webghost0101@sopuli.xyz 18 points 1 day ago* (last edited 1 day ago) (1 children)

Sweats in “linux vr is one of my current hobby projects”

[–] Grass@sh.itjust.works 5 points 20 hours ago (1 children)

it's going to be year of the linux vr soon anyway

[–] django@discuss.tchncs.de 2 points 20 hours ago

I am so hyped for this actually

[–] NOPper@lemmy.dbzer0.com 5 points 22 hours ago

I panicked a bit when I saw the news earlier today as one of those niche guys. Then remembered I had removed it for WiVRn a few weeks ago and don't have anything else off the AUR. Double niche win lol

[–] FiniteBanjo@programming.dev 3 points 1 day ago* (last edited 1 day ago)

EDIT: No, sorry, alvr was just one package, there is no specific source for the infection, just one or many malicious users: https://gr.ht/aur_pkg_list.txt

[–] timestatic@feddit.org 1 points 20 hours ago

I actually had the alvr bin aur installed on my old desktop machine. It's just the only proper way for me on Quest to properly play any PCVR games. But I haven't used nor updated that one in a while. My new arch machine luckily doesn't have this installed but now I'm freaking out