@sodiboo @ifin @threatintel

Also, notable mention. Unexpected thread: https://github.com/lenucksi/aur-malware-check/issues/5

Are there any plans for a bit more central validation, maybe even with some AI/LLM/... with regular conversion of insights to fixed/deterministic rules, as discussed throughout the thread? Something something semgrep/opengrep, yara, flathub manifest style, etc. pp.?

Also: How does this incident not yet have a creative name? I'm not asking for a #bumsrakete but there's gotta be something 🤣

#llm #flathub #abuseprevention #malwareCheck #yara #opengrep #archLinux #archlinuxaur #aur

AURSCAN: Scanning AUR packages using Claude LLM · Issue #5 · lenucksi/aur-malware-check

Please have a look at https://github.com/manticore-projects/aurscan and maybe add.

GitHub

Forum FAQ explains how to check for compromised AUR packages after the Jun 9–12 supply‑chain attack — use paru -Qm or the provided scripts to detect 1,500+ backdoored packages; run the full scan and rotate credentials if infected. Read: https://discuss.cachyos.org/t/how-to-check-for-compromised-packages-from-the-current-aur-malware-attack/31077 🔒⚠️💻 #AUR #CachyOS #infosec #Arch #ArchBtw #MalwareCheck

tl;dr:

git clone https://github.com/lenucksi/aur-malware-check.git && cd aur-malware-check && sudo ./aur_check-v2.sh --full

This performs install-date checks and rootkit/persistence heuristics.

How to check for compromised packages from the current aur malware attack

Most CachyOS users are not affected — this hit the AUR, not the Cachy/Arch repos. Only matters if you install AUR packages. See yours with paru -Qm. Between Jun 9–12 attackers backdoored 1500+ AUR packages (infostealer + rootkit). for fish (cachyos default) set malware (begin; curl -fsS --proto '=https' https://raw.githubusercontent.com/lenucksi/aur-malware-check/master/package_list.txt; curl -fsS --proto '=https' https://md.archlinux.org/s/SxbqukK6IA/download; curl -fsS --proto '=https' https...

CachyOS Forum

GitHub - lenucksi/aur-malware-check: Detection tools for the June 2026 atomic-lockfile AUR supply-chain attack. Consolidated from community Gists.

GitHub
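
The name-matching step of the check described above (foreign packages from paru -Qm compared against a published list of compromised package names), as an added example that is not taken from the posts or from the aur-malware-check repository. It assumes the list is plain text with one package name per line and optional # comments; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# find_listed_packages INSTALLED_FILE LIST_FILE
#   INSTALLED_FILE: saved output of `pacman -Qm` or `paru -Qm`
#                   (one "name version" pair per line)
#   LIST_FILE:      assumed format, one package name per line;
#                   blank lines, CRLF endings and "#" comments are tolerated
# Prints "name version" for every installed foreign package whose name is
# on the list. Matching is on the exact package name, so "example-pkg-bin"
# does not match a list entry "example-pkg" the way a plain grep would.
find_listed_packages() {
    awk '
        FILENAME == ARGV[1] {            # first file: build the lookup set
            sub(/\r$/, "")               # strip CR from CRLF downloads
            sub(/#.*/, "")               # strip comments
            gsub(/^[ \t]+|[ \t]+$/, "")  # trim whitespace
            if ($0 != "") listed[$0] = 1
            next
        }
        ($1 in listed) { print $1, $2 }  # second file: installed packages
    ' "$2" "$1"
}

# Constructed sample data (not real package names) so this runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'example-pkg-bin 1.0-1' \
    'example-pkg 2.0-1' \
    'another-tool-git r12.abc-1' > "$demo_dir/installed.txt"
printf '%s\n' \
    '# constructed list' \
    'example-pkg' \
    '' \
    'not-installed   # trailing comment' > "$demo_dir/list.txt"

find_listed_packages "$demo_dir/installed.txt" "$demo_dir/list.txt"
rm -rf "$demo_dir"

# On a real system (list file downloaded separately):
#   pacman -Qm > installed.txt
#   find_listed_packages installed.txt package_list.txt
```

A name match only says the package was on the list; the linked script additionally does install-date checks and rootkit/persistence heuristics.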