Oh dear, the situation with the Arch Linux AUR got a fair bit worse since GamingOnLinux initially covered the malicious packages.
At the time the initial article was put up, there were a bit over 400 compromised packages on the Arch User Repository (AUR). That list of affected packages (source) has since risen sharply: checking again now, nearly 2,000 are noted. That's a lot of packages to be hit like this.
Later last night the attacks were reported to be continuing "with obfuscated code", and another report in the early hours of this morning noted it had become "a little bit more elaborate". Not all of the packaging issues are as bad as the initial wave of trying to steal credentials; some just add ridiculous messages in Russian.
The AUR developers and maintainers are clearly going to need to rethink how the service is run. While it's a wonderful idea to let anyone come along and package extra apps and such if they're missing from Arch Linux repositories, anything left open in any way is going to cause problems. Especially so now in 2026, when Linux is clearly more popular than ever - anything Linux related like this is going to become a bigger target. And with AI bots too, making such a hit has become far easier.
At least some level of human review is going to be needed. Otherwise, this certainly won't be the last time we see the AUR having security problems.
Quoting: Gerarderloper
So far none of my AUR packages have been touched, but I am waiting for the dreaded updates for any of them to come where suddenly a 'new' maintainer appears out of nowhere...

This only affects orphaned PKGBUILDs. If yours all have maintainers then they'll be fine.
Quoting: dibz
Wow, some easily offended folks in here

Again, the rolling release official repos of ARCH were not affected by the AUR hack. You're confusing two very different concepts based on what I can only assume is your disdain towards that particular OS.
Anything that pulls source from something like github some jackass can compromise by having their keys stolen - or if they're just bored and feeling frisky.
So yes, modern development practices affect rolling distros more because they tend to use the latest and greatest all the time - which is not always great.
Rolling release distros don't just pull from git straight into their official repos and call it a day. No distro does that.
Take the XZ compromise not all that long ago, which released a new "stable" compromised version that actually made it on to user systems - y'all know the problem commit was only about a month old? That's a crazy short timeline.

The AUR hack was found and actually fixed in under two weeks so that analogy really doesn't strengthen your position.