Arch Linux’s AUR Compromised with Malware (over 1,500 packages!)

The Arch User Repository recently had a major security incident where more than 1,500 AUR packages were reportedly compromised with malware. In this video, I break down what happened, what users should do about this, how users can check for infection, and why Arch-based distro users should be careful with community packages.

Update: more reports appear to have surfaced since this video was published; Phoronix has reported on the new malware.

Scripts to check your system:

Other Links:

Chapters:

00:00 Intro
00:15 What is the AUR?
00:39 Official Arch Repos NOT Affected
00:51 Here’s what happened…
01:24 There’s many questions for this
01:37 How do I find out if I’m affected?
01:51 How did this happen?
02:40 What should I do as an average user when installing from AUR?
03:05 What is a PKGBUILD?
03:34 Second answer for average users and the AUR
03:56 Arch Linux devs warning about the AUR
04:21 What is an AUR Helper?
04:43 Arch-based distros arguably make the access too easy
04:59 To clarify, in my opinion
05:25 Tips on how to review PKGBUILDs
06:22 Alternatives to the AUR
06:41 the only guarantee of life
06:57 My request to the “Arch btw” memers
07:30 “Just Works” Users
08:10 Do you like in-depth videos like this?
08:22 Two other questions
