AUR Packages Compromised with Infostealer and Rootkit

AUR Packages Compromised with Infostealer and Rootkit(discourse.ifin.network)

29 points by keyle 5 hours ago | 2 comments

UI_at_80x24 30 minutes ago |

Here's an easy script to scan for compromised packages:

https://cscs.pastes.sh/aurvulntest20260611.sh

Not my script. It's easy to read/parse. Never pipe a script directly to bash.

sva_ 20 minutes ago | |

It isn't guaranteed that the list is conclusive.

Always check PKGBUILD and sources, AUR is not to be trusted for the most part. I'm actually more surprised that such compromise hasn't happened earlier.