The security situation with the Arch Linux AUR got a lot worse

https://www.gamingonlinux.com/2026/06/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse/

Publish Date: 2026-06-14 15:37:00

Source Domain: www.gamingonlinux.com

Oh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious packages.

At the time the initial article was put up, there were a bit over 400 compromised packages on the Arch Linux Arch User Repository (AUR). That list of affected packages (source) rose quite sharply to over 1,400, and checking again now there are nearly 2,000 noted. That’s a lot of packages to be hit like this.

Later last night the attacks were reported to be continuing on “with obfuscated code”, and another report in the early hours of this morning noted it has become “a little bit more elaborate”. Not all of the packaging issues are as bad as the initial wave of trying to steal credentials; some are just adding ridiculous messages in Russian.

The AUR developers and maintainers are clearly going to need to rethink how the service is run. While it’s a wonderful idea to let anyone come along and package extra apps and such if they’re missing from Arch Linux repositories, anything left open in any way is going to cause problems. Especially so now in 2026, when Linux is clearly more popular than ever: anything Linux-related like this is going to become a bigger target. And with AI bots too, making such a hit has become far easier.

At least some level of human review is going to be needed. Otherwise, this certainly won’t be the last time we see the AUR having security problems.

Article taken from GamingOnLinux.com.
