this post was submitted on 12 Jun 2026
175 points (99.4% liked)

Linux

13986 readers
582 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
175
Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)
submitted 4 days ago by cm0002@lemy.lol to c/linux@programming.dev
69 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] iltg@sh.itjust.works 7 points 4 days ago (1 children)

in theory? getting rid of paru and friends, manually reviewing the pkgbuild and the source of whatever it is installing

realistically? nothing. the AUR is a glorified repository of build scripts anyone can upload. the script or the package itself can ship malware

the AUR is mostly the same as downloading and running random exes on windows. you should avoid it, make it as manual as possible (forcing you to double check what's happening) and be able to review the installer/package or trust someone who can vouch for its safety

[โ€“] Bananskal@nord.pub 2 points 4 days ago* (last edited 4 days ago) (1 children)

paru shows you the PKGBUILD diffs on upgrade, so you can review then and deny upgrades.

But realistically I am not going to go into the code itself on my installed packages to check for malware or other types of attacks. That's too time consuming for my risk level, and requires more knowledge than can be expected, to be honest.

Edit: but maybe you're talking about when first installing a package? Come to think of it, I'm not sure it shows the PKGBUILD at that point. ๐Ÿค”

[โ€“] nlgranger@lemmy.world 1 points 4 days ago

It does, the diff shows the full files.