Around 1,500 AUR Packages Compromised with "Rootkit-Like" Malware

Researchers at Sonatype uncovered a massive supply chain attack against the Arch User Repository (AUR) to harvest credentials and exfiltrate user data by hijacking around 1,500 packages.


This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2026/06/12/around-1-500-aur-packages-compromised-with-rootkit-like-malware/
5 Likes

Thankfully I was not hit by that, it seems like as with the other supply chain attacks maybe only around 100 people were affected if I’m understanding this right (https://socket.dev/npm/package/atomic-lockfile)

I don’t have NPM installed locally due to this risk but worry sometimes that other packages would pull it in somehow.

Say I was one of those affected and was running OpenSnitch. Would I see something like a popup saying `npm install atomic-lockfile`?

2 Likes

Just started using CachyOS. Luckily they weren’t really hit, but they already published a PSA for users over on Discord.

by sim

Most CachyOS users are not affected — this hit the AUR, not the Cachy/Arch repos. Only matters if you install AUR packages. See yours with `paru -Qm`. Between Jun 9–12 attackers backdoored 1500+ AUR packages (infostealer + rootkit).

For fish (CachyOS default):

```fish
set malware (begin; curl -fsS --proto '=https' https://raw.githubusercontent.com/lenucksi/aur-malware-check/master/package_list.txt; curl -fsS --proto '=https' https://md.archlinux.org/s/SxbqukK6IA/download; curl -fsS --proto '=https' https://cscs.pastes.sh/raw/aurvulnlist20260611.txt; end | grep -E '^[a-z0-9][a-z0-9._+-]*$' | sort -u); set affected (comm -12 (pacman -Qqm | sort | psub) (printf '%s\n' $malware | psub)); if test -n "$affected"; echo "AFFECTED:"; printf '%s\n' $affected; else; echo "Clean — "(count $malware)" packages checked, none installed."; end
```

Other shells:

```bash
m=$( { curl -fsS --proto '=https' https://raw.githubusercontent.com/lenucksi/aur-malware-check/master/package_list.txt; curl -fsS --proto '=https' https://md.archlinux.org/s/SxbqukK6IA/download; curl -fsS --proto '=https' https://cscs.pastes.sh/raw/aurvulnlist20260611.txt; } | grep -E '^[a-z0-9][a-z0-9._+-]*$' | sort -u); o=$(comm -12 <(pacman -Qqm | sort) <(printf '%s\n' "$m")); [ -n "$o" ] && { echo "AFFECTED:"; printf '%s\n' "$o"; } || echo "Clean — $(printf '%s\n' "$m" | grep -c .) packages checked, none installed."
```

Clean = you’re fine. AFFECTED: = a flagged name is installed — don’t panic (a name match isn’t proof), confirm with the full scan below. Fetch error or count under ~1500 = a download failed, just re-run.

Full scan (confirms install dates + checks for rootkit/persistence; you can also remove sudo from this and get most of the checks):

```bash
git clone https://github.com/lenucksi/aur-malware-check.git 2>/dev/null; cd aur-malware-check && git pull -q && chmod +x aur_check-v2.sh && sudo ./aur_check-v2.sh --full
```

If INFECTED then rotate your credentials (GitHub/npm/SSH/etc.), remove the package, and a clean reinstall is safest.

More info about this incident: https://github.com/lenucksi/aur-malware-check (lenucksi/aur-malware-check: Detection tools for the June 2026 atomic-lockfile AUR supply-chain attack. Consolidated from community Gists.) Lists are still updating — re-run later if you add AUR packages.

Bash checkup script:

```bash
bash <(curl -s https://cscs.pastes.sh/raw/aurvulntest20260611.sh)
```
2 Likes
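The quoted one-liners above do one thing: intersect the names of locally installed foreign packages (`pacman -Qqm`) with a fetched list of flagged names, and treat a suspiciously short list as a failed download rather than a clean result. The script below is an added example written for this thread, not code from the post, from sim, or from the aur-malware-check project. It reproduces that name-match check offline so the logic can be read and tested without touching the network: the package names are constructed placeholders, the two files stand in for `pacman -Qqm` output and a downloaded list, and the minimum-count threshold is an assumed parameter rather than a value from any real list.

```shell
#!/bin/sh
# Added example: offline version of the "installed AND flagged" name-match check.
# All package names below are constructed placeholders, not real AUR packages.

# Normalise a raw name list read from stdin: keep only well-formed pacman
# package names (same pattern the quoted one-liners use), sorted and unique.
# Comment lines, blank lines and anything with uppercase or spaces are dropped.
# The pipeline's status is sort's, so this never fails under `set -e`.
normalize_names() {
    grep -E '^[a-z0-9][a-z0-9._+-]*$' | sort -u
}

# Print the names present in BOTH files, one per line.
# $1 = file with installed foreign package names, $2 = file with flagged names.
# A hit is only a name match; it says nothing about install date or content.
find_affected() {
    inst_tmp=$(mktemp)
    flag_tmp=$(mktemp)
    normalize_names < "$1" > "$inst_tmp"
    normalize_names < "$2" > "$flag_tmp"
    comm -12 "$inst_tmp" "$flag_tmp"
    rm -f "$inst_tmp" "$flag_tmp"
}

# Sanity check from the post: a flagged list far below the expected size usually
# means a download failed, not that the system is clean.
# $1 = file with flagged names, $2 = minimum plausible count (caller's assumption).
flagged_list_is_plausible() {
    [ "$(normalize_names < "$1" | grep -c .)" -ge "$2" ]
}

# Constructed sample data standing in for `pacman -Qqm` output and a fetched list.
INSTALLED_FILE=$(mktemp)
FLAGGED_FILE=$(mktemp)
printf '%s\n' 'example-helper-bin' 'totally-fine-tool' 'Malformed Name' \
    'flagged-demo-pkg' > "$INSTALLED_FILE"
printf '%s\n' 'flagged-demo-pkg' 'other-flagged-demo' '# comment line' \
    '' 'flagged-demo-pkg' > "$FLAGGED_FILE"

# Human-readable summary, mirroring the Clean / AFFECTED wording of the post.
report() {
    if ! flagged_list_is_plausible "$FLAGGED_FILE" "$1"; then
        echo "List too short (under $1 names): treat as a failed download and re-fetch."
    fi
    affected=$(find_affected "$INSTALLED_FILE" "$FLAGGED_FILE")
    if [ -n "$affected" ]; then
        echo "AFFECTED (name match only, confirm with a full scan):"
        printf '%s\n' "$affected"
    else
        echo "Clean: no flagged name is installed."
    fi
}

# Threshold of 2 is chosen to fit the constructed data; against a real list the
# post's "~1500" would be the number to use.
report 2
```

Against real data you would replace `INSTALLED_FILE` with the output of `pacman -Qqm` and `FLAGGED_FILE` with the downloaded list; the normalisation step matters because a list that contains headers or blank lines would otherwise inflate the count and make a partial download look complete.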

Reading on another forum, the attacker seems to chain with Node.js and npm for the attack. Plus the AUR maintainer change for old packages uses a stupid policy. Anyone can crawl the AUR package list, see if any are orphaned or unmaintained, send a request to take over the package, wait ~2 weeks, get no response from the old maintainer, automatically be given new maintainer status, and proceed to push the malware, thus the huge 15k pwned package estimate.

While the AUR does plaster a few warnings of dragons ahead, people let their guard down because historically it Just Works®. Next we’ll probably see Docker images from Docker Hub or the GitHub registry being pwned too, just because people are automatically pulling and installing random unvetted stuff without a care in the world. Open source / FOSS doesn’t mean YOLO trusting everyone, especially if you can’t read the source code yourself. Especially with AI LLMs nowadays, any Joe Blow can be a script kiddie pwning stuff left and right.

5 Likes

Part of me wonders how advanced malware can theoretically get to be really, really bad for society, hypothetically speaking.

1 Like

In an ideal world Google, Anthropic, OpenAI etc. could give public package managers like the Linux repos, npm registry, Docker registry etc. free access to their AI for automatic vulnerability scans before publishing. A win-win situation: they unleashed AI that made pwning easy while also giving access to the same AI for limiting the damage. But alas, that’s a pipe dream; we’re not living in an ideal world and everyone suffers due to rampant AI LLM misuse.

1 Like

This here is nothing.
Look at the malware/backdoors forced upon almost the whole world with for example Intel ME.
Intel ME is just one example of many.
Who forced it upon us? The intelligence agencies working together with the ultra rich like a mafia.
Normal people don’t care or don’t know and therefore continue feeding the corrupt system of this mafia. So as long as we are feeding their system, they let us pass.
But when “leaders” emerge that fight for all of us against this mafia system, then they look into what data they have on those “leaders”. They decide based on this information if those people can be bought or blackmailed and if not, they either get ill or have an “accident”, depending of course on how big of a nuisance they are for them.
In the end all of this is an intelligence agency operation and would not be possible so many times if they didn’t surveil us all 24/7.

So sure, this is nasty stuff, what is happening with the AUR, but it’s nothing compared to the real problem. Eyes on the prize.

1 Like

I believe LLMs have now reduced the barrier to entry in conducting attacks, or at least in automating them even more easily, and so we should just expect more attacks to happen. They have also reduced the barrier to identifying issues on the blue team side as well, but proactive patching is gonna take time.

I imagine software is going to be semi-high-risk for a while until the dust starts settling in the LLM age a bit more. The traversable vulns will be compromised, and after time I think things will tighten.

I’d suggest being conservative in what you install, install less, and install from trusted repos when you can. Happy I made my switch to SecureBlue a while back now.

4 Likes

Well, you said it, not me… :grimacing:

1 Like

Just a day after Arch Linux developers believed they got their AUR malware incident under control, with 1,500+ packages affected by malware, another round of AUR malware is now being discovered. This latest round is more sophisticated, with code obfuscation to better conceal the intent.

Round 2

1 Like

Imagine if we didn’t have LLMs: how would we be able to tell what the obfuscated code does?

1 Like

Let’s be real, if we didn’t have LLMs we wouldn’t have had this attack in the first place; these script kiddies couldn’t have pulled this off without prompt engineering.

AI attacks still require someone to steer the AI towards the right place where a weakness may be present. But surely it did enable more folks to do so.

1 Like