Arch Linux - News: Active AUR malicious packages incident

Active AUR malicious packages incident

2026-06-12 - Campbell Jones

We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository.

We are actively working to track down existing malicious commits and attempting to prevent additional malicious commits from being pushed.<br>While this is happening, and while we work to create a more permanent solution, users may see issues with the following:

Creating new accounts on the AUR

Pushing package updates

Adopting or creating new packages

We continue to encourage all users of AUR packages to review all PKGBUILD and install script changes when updating, especially during this time.<br>If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information.

Copyright © 2002-2026 Judd Vinet, Aaron Griffin and<br>Levente Polyák.

The Arch Linux name and logo are recognized<br>trademarks. Some rights reserved.

The registered trademark Linux® is used pursuant to a sublicense from LMI,<br>the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.