this post was submitted on 12 Jun 2026

216 points (99.5% liked)

Linux

13955 readers

569 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

216

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 1 day ago by cm0002@lemy.lol to c/linux@programming.dev

63 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] FiniteBanjo@programming.dev 1 points 8 hours ago* (last edited 8 hours ago)

I'm not real clear on if this is the case but you could try:

Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
Maybe pacman -Q | grep atomic-lockfile because that appears to be what the threat actor is installing but I'm not really sure if that's how it works...?

EDIT: If you really want to play it safe then you could try yay -R $(pacman -Qmq) to remove every aur package and wait out the storm, just be careful to backup important files.