this post was submitted on 12 Jun 2026

174 points (99.4% liked)

Linux

13976 readers

387 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

174

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 3 days ago by cm0002@lemy.lol to c/linux@programming.dev

69 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] FiniteBanjo@programming.dev 1 points 3 days ago* (last edited 3 days ago)

I'm not real clear on if this is the case but you could try:

Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
Maybe pacman -Q | grep atomic-lockfile because that appears to be what the threat actor is installing but I'm not really sure if that's how it works...?