RE: https://social.saarland/@inpector/116736988259716513

Update: There are now over 1600 infected packages. A list straight from ArchLinux circles can be found at this link:

https://md.archlinux.org/s/SxbqukK6IA

Since the pad gives you a Markdown file, I adapted the command and split it up:

curl -s "https://md.archlinux.org/s/SxbqukK6IA/download" | tr -d '\r' | tail -n +2 | head -n -1 | sort > AUR.txt

comm -1 -2 <(pacman -Qq | sort) <(cat AUR.txt)

#ArchLinux #AUR #Manjaro #CachyOS

It's funny, I had people on EndeavourOS' forums say Chaotic-AUR was unsafe because you can't read the PKGBUILD. But Chaotic had actually caught it, and rejected the changes. I consider myself paranoid with the AUR yet I might not have caught this, especially in packages that actually do use Node.js for any reason. I am not experienced with Node.js or NPM at all, so this could very well have slipped through.

But the more experienced guys at Chaotic did catch this.

I'm starting to call bullshit on that claim from the Endeavour forum guys, lol.

#AUR #ArchLinux #EndeavourOS #ChaoticAUR

Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages

The day started out with Arch Linux's AUR user-contributed repository seeing more than 400 packages compromised with malware

Oh, look! 🎉 Arch Linux has finally realized their software zoo was hosting a #malware #circus. 🤡 Over 1,500 packages affected, but don't worry folks, they *believe* it's under control now. 🙄 Sounds like a perfect example of Linux's famed "security." 🛡️
https://www.phoronix.com/news/Arch-Linux-AUR-More-Than-1500 #ArchLinux #Security #LinuxPackages #HackerNews #ngated

Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Packages

https://www.phoronix.com/news/Arch-Linux-AUR-More-Than-1500

#HackerNews #ArchLinux #Malware #Incident #Packages #Security #Update

Cuz when I wonder "what is a good time to post updates to a password manager?", I think "during a large, ongoing attack on the update repositories of course!"
(And on Friday!)

aur.archlinux.org/cgit/aur.git/commit/?h=1password-cli&id=ddefe093c309f4bf0e6b180995e09b726f5a9104

#archlinux #aur #1password
bump to 2.34.1 - aur.git - AUR Package Repositories

Heads up #ArchLinux users!

The "Atomic Arch" supply chain attack (June 9-12) compromised 400-1,500+ AUR packages with an infostealer & eBPF rootkit targeting credentials, browser data, and CI/CD secrets.

Attackers quietly adopted orphaned AUR packages and slipped in malicious PKGBUILDs. The community is actively cleaning up, but now's the time to act.

See also: https://lists.archlinux.org/archives/list/[email protected]/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/

AUR REPORT THREAD - Aur-general - lists.archlinux.org

It's kinda baffling why the #archlinux community is facing a major security crisis

#Archlinux

Phew… I have no infected packages on #Manjaro.

The script is available here:
https://cscs.pastes.sh/raw/aurvulntest20260611.sh

Looks like I managed to avoid installing any malware in the AUR attack this week: https://archlinux.org/news/active-aur-malicious-packages-incident/

I *am* going to go delete the software I'm not actually using though. 😅

Last time I had something "interesting" it was some JavaScript bullshit in a PNG file's text block for a desktop wallpaper I'd grabbed from 4chan. I'm not aware of any PNG viewer that renders HTML in text blocks. 🤷

#ArchLinux #Arch #EndeavourOS #malware

Arch Linux - News: Active AUR malicious packages incident