The Arch Linux AUR had over 400 packages compromised with malware
The Arch Linux AUR had over 400 packages compromised with malware
Publish Date: 2026-06-12 07:40:00
Source Domain: www.gamingonlinux.com
Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks – as some malicious users compromised a lot of packages.
For those who aren’t clear on the details – the AUR is a community-driven way of providing extra software for Arch Linux. Anyone can submit a package to it. This is completely separate to the actual Arch Linux packages which were not hit.
There’s a thread on the public AUR Mailing List with people reporting packages, where it seems like over 400 packages were hit with the issue. Arch packager Jonathan Grotelüschen mentioned work was ongoing to “reset/delete all malicious commits and ban the accounts”.
From the packages that were changed, they were made to include a malicious npm package, along with pulling in some sort of keylogger / credentials stealer – so it’s really quite a shocking security breach to have affected so many different packages.
Hopefully the mess will get sorted fully soon, and for some improvements to the packaging processes to prevent this from happening in future. Especially with the rise of AI bots, and how much easier this sort of thing has become thanks to them – it could end up a lot worse in future.
Oh dear.
Article taken from GamingOnLinux.com.
