The supply chain attack on the #ArchLinux #AUR was inevitable. 3 years ago, the AUR admins gave away control of the SDR package (that I was maintaining) because someone complained about a minor versioning issue that I didn't want to fix. (1/4)

In my opinion, ArchLinux needs to purge the entire AUR admin team and replace them with more competent people. They should also use common fucking sense and not transfer ownership of a package if said package is owned by the developer of that software...

1,500 malicious AUR packages?? As an Arch Linux package maintainer, I'll be taking a look at what's going on 👀 📅 Today at 8PM CEST: youtube.com/watch?v=9DYf05Xc… #archlinux #linux #opensource #cybersecurity #foss

Plusieurs milliers de paquets AUR détournés en quelques jours via adoption de paquets orphelins. La campagne Atomic Arch injecte un credential stealer Rust rootkit eBPF via une dépendance npm. cryptolab.re/posts/2026/atom… #ArchLinux #AUR #sécurité #supplychain

Best writeup of the ArchLinux credential stealer. This malware is very comprehensive - read below - i'd just add one thing: rotate your password manager credentials asap, they copied all browser profiles, assume compromise.

AURっていうリポジトリがサ終してるのであってArchLinuxリポジトリがサ終してるわけではないので、yay・paruを使わなければいい話よ

# ""ARCHLINUXを使いなさい！！""

ArchLinux archlinux.org/

うーんArchLinuxから完全に移行する時が来たのかなぁ phoronix.com/news/Arch-Linux…

Scales, the eBPF malware targeting ArchLinux sha0coder.github.io/scales/

🚨 AUR malware (atomic-lockfile/lockfile-js/nextfile-js, 1500 pkgs). Bash script that detects by behavior, not name lists: npm/bun in .install hooks, shell obfuscation, /tmp payloads. Read-only. 🔗 gist.github.com/l33tm4st3r/f… #ArchLinux #infosec

🚨 AUR malware (atomic-lockfile/lockfile-js/nextfile-js, 1500 pkgs). Bash script that detects by behavior, not name lists: npm/bun in .install hooks, shell obfuscation, /tmp payloads. Read-only. 🔗 gist.github.com/l33tm4st3r/f… #ArchLinux #infosec