Xylight‮Jul 18, 2025

[PSA] Malware distributed on the AUR

https://lemdro.id/post/25813192

[PSA] Malware distributed on the AUR

> On the 16th of July, at around 8pm UTC+2, a malicious AUR package was uploaded to the AUR. Two other malicious packages were uploaded by the same user a few hours later. These packages were installing a script coming from the same GitHub repository that was identified as a Remote Access Trojan (RAT). > The affected malicious packages are: > - librewolf-fix-bin > - firefox-patch-bin > - zen-browser-patched-bin > The Arch Linux team addressed the issue as soon as they became aware of

Show threadJolteonJul 19, 2025
To be fair the AUR is known to be very susceptible to that kind of thing due to the effective absence of entry requirements.
Show threadMentalEdge

Absolutely.

The Arch User Repository is a way for anyone to easily distribite software.

Hence it has never been secure, and rather than claim it is, you mostly see people and documentation warn you about this, and to be careful if using it.

Any schmuck can make whatever they want available via the AUR. That’s how even the tiniest niche project can often be installed via the AUR. But you trade in some security for that convenience.

Jul 19, 2025 at 8:22amWeb