Steam Hardware

22286 readers

93 users here now

A place to discuss and support all Steam Hardware, including Steam Deck, Steam Machine, Steam Frame, and SteamOS in general.

As Lemmy doesn't have flairs yet, you can use these prefixes to indicate what type of post you have made, eg:
[Flair] My post title

The following is a list of suggested flairs:
[Deck] - Steam Deck related.
[Controller] - Steam Controller related.
[Machine] - Steam Machine related.
[Frame] - Steam Frame related.
[Discussion] - General discussion.
[Help] - A request for help or support.
[News] - News about the deck.
[PSA] - Sharing important information.
[Game] - News / info about a game on the deck.
[Update] - An update to a previous post.
[Meta] - Discussion about this community.

If your post is only relevant to one hardware device (Deck/Machine/Frame/etc) please specify which one as part of the title or by using a device flair.

These are not enforced, but they are encouraged.

Rules:

Follow the rules of Sopuli
Posts must be related to Steam Hardware or Steam OS in an obvious way.
No piracy, there are other communities for that.
Discussion of emulators are allowed, but no discussion on how to illegally acquire ROMs.
This is a place of civil discussion, no trolling.
Have fun.

Link to our Matrix Space

founded 4 years ago

MODERATORS

Moxvallix@sopuli.xyz

Fubarberry@sopuli.xyz

Malicious Atomic Arch NPM Campaign Thread (jlai.lu)

submitted 23 hours ago by Tetsuo@jlai.lu to c/steamdeck@sopuli.xyz

13 comments fedilink hide all child comments

cross-posted from: https://discuss.tchncs.de/post/62150833

Decided to create a thread for tracking and sharing the news and opinions on the new Malicious Atomic Arch NPM Campaign in which more than 1600 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit.

Find the infected packages: https://md.archlinux.org/s/SxbqukK6IA

Package        Popularity                Affected                 Reverted
libgdata           16.98% (2026-06-11 14:59+00:00) (2026-06-11 17:30+00:00)
python-future       5.38% (2026-06-11 15:58+00:00) (2026-06-11 16:54+00:00)
gdl                 3.36% (2026-06-11 13:35+00:00) (2026-06-11 17:32+00:00)
libquvi-scripts     2.31% (2026-06-11 15:05+00:00) (2026-06-11 17:33+00:00)
libquvi             2.22% (2026-06-11 15:04+00:00) (2026-06-11 17:33+00:00)
gtkimageview        2.19% (2026-06-11 13:44+00:00) (2026-06-11 17:33+00:00)
python2-pyparsing   2.02% (2026-06-11 14:23+00:00) (2026-06-11 17:40+00:00)
python2-appdirs     1.96% (2026-06-11 14:22+00:00) (2026-06-11 17:26+00:00)
compiler-rt19       1.95% (2026-06-11 14:23+00:00) (2026-06-11 17:30+00:00)
python2-packaging   1.90% (2026-06-11 14:21+00:00) (2026-06-11 17:38+00:00)
wine-nine           1.86% (2026-06-11 15:48+00:00) (2026-06-11 21:36+00:00)
clang19             1.86% (2026-06-11 15:36+00:00) (2026-06-11 21:24+00:00)
clang15             1.76% (2026-06-12 12:34+00:00) (2026-06-12 12:54+00:00)
mono-addins         1.69% (2026-06-11 15:33+00:00) (2026-06-11 21:34+00:00)
python2-chardet     1.68% (2026-06-12 12:42+00:00) (2026-06-12 14:48+00:00)
python-monotonic    1.55% (2026-06-11 15:43+00:00) (2026-06-11 21:37+00:00)
python2-cffi        1.47% (2026-06-12 12:44+00:00) (2026-06-12 15:10+00:00)
alvr                1.26% (2026-06-11 13:54+00:00) (2026-06-11 16:50+00:00)
python2-gobject     1.23% (2026-06-12 12:44+00:00) (2026-06-12 14:47+00:00)
vidcutter           1.03% (2026-06-11 13:24+00:00) (2026-06-11 17:43+00:00)

Learn more about the attack: https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency.

you are viewing a single comment's thread
view the rest of the comments

[–] Tetsuo@jlai.lu 1 points 19 hours ago (1 children)

That was my understanding but I'm not sure I agree with your conclusion though.

This hack drops an infostealer that could steal passwords and other secrets, so even if the system removes the malware, the data stolen would still be an issue.

So you can be infected for even a few days and get some passwords stolen that would still be problematic.

But yeah the subset of Steamdeck users that activated write mode and installed an affected AUR package must be pretty small.

[–] thingsiplay@lemmy.ml 1 points 19 hours ago

That was my understanding but I’m not sure I agree with your conclusion though.

My conclusion does align with yours, so I'm not sure what you mean. It is likely to be infected, because most people don't use the AUR on the Steam Deck (because of the reverting back). And my conclusion was, if anyone is infected, then I would not trust the system anymore.