20,000 Linux users grabbed a malicious Cemu build that steals passwords for coding and cloud credentials
Publish Date: 2026-05-13 10:54:00
Source Domain: www.xda-developers.com
Summary
- Cemu Linux builds on GitHub were compromised May 6-12th, 2026; nearly 20,000 downloads likely infected.
- If infected, a clean OS install is advised; otherwise, delete binaries and reset passwords, tokens, and SSH keys.
- People downloading Cemu via Flatpak were unaffected by the attack.
Linux isn’t as virus-free as it used to be. Once heralded as pretty useless, Linux antivirus software is more valuable now than ever, as people discover exploits and attacks in the open-source world more often than we’d like.
Such is the case with the Cemu emulator, which recently suffered a malicious attack that led to almost 20,000 Linux users downloading an infected file. And while the issue has since been remedied, people who downloaded a potentially infected file should take steps to protect themselves now.
20,000 people downloaded an infected Linux build of Cemu
Flatpak users are not affected, though
The developers behind Cemu published a post detailing what’s going on. Between the 6th and 12th of May, 2026, the files “Cemu-2.6-x86_64.AppImage” and…
