Support us on Patreon
PayPalOh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious packages.
At the time the initial article was put up, there were a bit over 400 compromised packages on the Arch Linux Arch User Repository (AUR). That list of affected packages (source) rose quite sharply and checking again now there's nearly 2,000 noted. That's a lot of packages to be hit like this.
Later last night the attacks were reported to be continuing on "with obfuscated code", and another report in the early hours of this morning noting it's become "a little bit more elaborate". Not all of the packaging issues are as bad as the initial wave of trying to steal credentials, some are just adding ridiculous messages in Russian.
The AUR developers and maintainers are clearly going to need to rethink how the service is run. While it's a wonderful idea to let anyone come along and package extra apps and such if they're missing from Arch Linux repositories, anything left open in any way is going to cause problems. Especially so now in 2026, when Linux is clearly more popular than ever - anything Linux related like this is going to become a bigger target. And with AI bots too, making such a hit has become far easier.
At least some level of human review is going to be needed. Otherwise, this certainly won't be the last time we see the AUR having security problems.
Article taken from GamingOnLinux.com.
See more from me
You can also find comments for this article on social media: 
CharlieTheMadHatter 43 minutes ago
If you haven't, it's about time to start!
mattaraxia 12 minutes ago
The near complete lack of oversight and controls is basically the AUR's one feature that distinguishes it from everything else out there.
Last edited by mattaraxia on 14 Jun 2026 at 8:46 pm UTC
seflasporin 12 minutes ago
