Arch Linux AUR Hit by Another Wave of Now More Sophisticated Malware Attack


Written by Michael Larabel in Arch Linux on 14 June 2026 at 06:32 AM EDT.

Just a day after Arch Linux developers believed they had their AUR malware incident under control, with 1,500+ packages affected by malware, another round of AUR malware is now being discovered. This latest round is more sophisticated, using code obfuscation to better conceal the intent.

Last night another round of malware in Arch Linux AUR packages was reported by developer a821. Various Node.js packages, a Plasma 6 applets package, some Firefox packages, the Aura browser, LibreWolf extensions, a NeoVim plug-in, and various other packages were all found to contain malware hidden in obfuscated code. Shortly thereafter a821 reported back that the affected packages were taken care of.

Hours later, Nicolas Boichat reported more malware in AUR packages. Boichat discovered those latest malware bits using a local Gemma E2B AI model. The new malware attempt in AUR was described as "a bit more elaborate" in obfuscating the action around the Bun command.

At this stage it's a bit surprising they don't completely shut down AUR until they can better verify the security and safety of this user-supplied repository, or at least implement new safeguards on changes.


Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.
