[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-thousands-of-arch-aur-packages-found-with-hidden-malware":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":24,"persona_id":22,"persona_name":22,"section":22,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},770,"thousands-of-arch-aur-packages-found-with-hidden-malware","Thousands of Arch AUR packages found with hidden malware","Security researchers discovered over 400 AUR packages delivering infostealers and rootkits, putting Arch users at risk.","Over 400 packages in the Arch User Repository were found to contain malicious payloads.\n\nResearchers analysing recent AUR submissions uncovered code that silently installs an infostealer and a rootkit. The affected packages span several popular categories, from development tools to system utilities. The malicious code is embedded in install scripts, so it runs automatically when users build the packages.\n\nArch users who trust the community‑maintained repository now have a new attack surface. Because AUR packages are built locally, the malware can gain root privileges on the host without prompting. The incident highlights the need for better auditing of community repositories and for users to verify source integrity before building.\n\nIf you rely on AUR, consider switching to vetted binaries or checking package hashes manually until the repository cleans up the compromised entries.","[\"arch-linux\",\"security\",\"aur\"]","2026-06-12T05:59:39.000Z","2026-06-12T10:59:21.140Z","2026-06-12T10:59:26.586Z","published",null,[],"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fthousands-of-arch-aur-packages-found-with-hidden-malware.webp",[26,27,28],"arch-linux","security","aur",[30],{"name":31,"url":32},"Hacker News","https:\u002F\u002Fdiscourse.ifin.network\u002Ft\u002F400-aur-packages-compromised-with-infostealer-and-rootkit\u002F577",0]