/g/ - Technology


File: fff.png (201 KB, 598x718)
if you use Arch Linux you might be hacked

reinstall
>>
>>109039307
I knew it would be a nuisance. Have it on an old laptop somewhere, installed for no reason, thought I'd check out hipster gay stuff.
Got pozzed. Thanks arch.
>>
>>109039307
Another arch fag thread
>>
GENTOOCHAD'S WON
>>
>>109039307
>if you use arch linux
wrong faggot
this only affects you if you install or update aur packages (read: random people's code, unreviewed by anyone) without looking.
>>
>$ ./check_aur_infected.sh
>Fetching infected package list...
>Checking 1577 known infected packages...

>Clean: none of the known infected packages are installed.

all good chief. just don't go installing weird random shit from AUR?
>>
File: img.jpg (714 KB, 1920x1080)
>Arch compromised via AUR yet again
>>
>>109039352
Or just use a real distro like Gentoo or Devuan instead of some troon distro that keeps having this happen
>>
how do i check?
>>
>>109039340
What makes you think that python shit would not get supply-chain-attacked?
>>
>>109039371
>gentoo
i have a job
devuan
literally see no reason to switch to this
>>
>>109039374
Do you have Arch installed?
>>
>>109039383
>Pulls the "I have a job" excuse
>uses Arch, the distro where the devs inform their users that things will break and it's up to them to figure out how to fix it
>>
>>109039389
cachy
>>
>>109039400
What I say.
>>
I've installed like 5 AUR packages in almost a decade of using Arch daily
what packages do you niggas even use that you have to go there
>>
>>109039531
This lmao I only have gearlever
>>
File: 1774804360272950.png (330 KB, 2442x2069)
>>109039307
>>
>>109039574
It's late. Time to call it a night, rajesh
>>
Thank god i use Windows
>>
>>109039601
I'm sure if a hack like this happened to the Windows Store, the same people brushing this sort of thing off as no big deal will do the same, telling people to just download apps from websites instead
>>
>>109039623
I guarantee you there is already malware in the windows store.
>>
>>109039655
May I see it? It should be reported all over tech news sites in articles from today.
>>
File: 1766074427222104.jpg (74 KB, 602x500)
>>109039307
>Just download this package hosted by some random jackoff, bro. What could go wrong?
It's time. Put down the HRT and install Debian already. You're being silly.
>>
>>109039667
look up "windows store" malware perhaps.
https://www.cve.org/CVERecord?id=CVE-2019-1270
>>
>no CVE
strange.
>>
>>109039728
I will but can I install latest novideo drivers on it?
>>
>>109039739
>>
>>109039732
>from today
>2019
Your concession has been accepted. Have a good one, bud.
>>
File: voit.png (64 KB, 1280x1055)
Why won't you use a real operating system anon?
>>
>>109039761
Well this AUR exploit isn't on any official forum I've checked so far. There's no CVE or even a mention of it on https://security.archlinux.org/
>>
Ok, there is https://archlinux.org/news/active-aur-malicious-packages-incident/
>>
>>109039766
When it was running, this wasn't bad at all.
When it was running...

>could have been windows fucking with the VM though because all of my VMs had issues at the same time
Around the time they started to use AI in their security too. Interesting.
>>
>>109039352
I've only found lists with 500 packages. link?
>>
good thing I don't updoot every day like some of you here
>>
wut
>>
>mark wagie
is that a real name?

Also I'll laugh if Rust AND Gnome are involved somehow.
>>
wow, I'm kinda amazed how quickly they picked up on the exploit in the forums. Kinda impressive.
Windows would take weeks to even notice it.
They're only just now dealing with issues with powershell and cmd (and typical of them, they're just solving the ones that could jailbreak windows from home into professional or other versions of windows).

https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/
>>
File: 1760351359555925.jpg (21 KB, 646x611)
>>109039307
only 317 people installed it
could be worse, i wonder if there's common packages with malware in them because no one ever reads the whole code
>>
>>109039307
No need to reinstall. Just check if any of the AUR packages you have installed have one of the infected packages as a dependency. Honestly though, if you install AUR packages and didn't first verify that it only pulls in source from a GitHub repo that you can go and audit yourself, then you deserve what you get. You're just as bad as a Windows idiot installing random exe files without verifying they're safe first.
>>
>>109040080
>atomic-lockfile
Current wave of attacks is downloading "js-digest"
>>
check the catalog before posting, retard.
>>
File: AUR list.jpg (3.31 MB, 3243x6000)
oof
>>
File: 1760254559713666.jpg (31 KB, 599x602)
>>109040112
why do they all use npm? is npm just a malware distribution service at this point?

also they got nextcloud, autologin

frankly i dont understand why the whole orphan mechanism even exists in the AUR i dont think that should be a thing.
>>
something to do with similar to this?
>>
don't care
>t. mintchad
>>
>>109040179
You mean the OS that was backdoored by Jews in 2016 and spammed on /pol/ at the time?

>I'm still mad
>>
File: 1761825461491602.jpg (42 KB, 1299x430)
>>109040150
408?
900 more lil bro

this is seriously retarded like why is this allowed?
i want to updoot in peace
>>
File: the_nvidia_salute.jpg (49 KB, 1280x720)
>>109039746
Why do you need the latest drivers for an old card? I mean Linus Torvalds said on June 14, 2012 that Nvidia is the worst company they have had to deal with. The WORST company, he even gave them the finger. What could possibly make a sane person think "huh, the worst possible option for Linux you say? I better buy that!" after that was revealed? Nothing, so the card is obviously from before 2012. Are you really expecting a big performance boost with the new drivers?
>>
File: mint.png (303 KB, 900x751)
>>109040179
Mintchads keep winning.
>>
>>109039790
its not even an exploit. you were never supposed to install programs from the aur without at least looking at the build files. anyone can put anything there. maybe the cve would pull up if you searched "layer 0", it would be under the "i did the linux equivalent of taylor_swift.mp3.exe" section
>>
>>109039307
I mean... if an Arch Linux computer gets hacked and all its contents erased, what does the user actually lose? Their reddit history?

Surely if somebody is running literal Arch Linux they're not doing anything with their computer other than browse that shithole right?
>>
i had 15 aur packages installed
mounted my arch drive on a live usb system. went to /home/myname/.cache/paru/clone to see my AUR packages and none of them are in the 1300 ones confirmed fucked.

still i think ill manually delete or corrupt the NPM binary on my system. at this point i think npm should only be installed in containers
>>
>>109040230
>it would be under the "i did the linux equivalent of taylor_swift.mp3.exe" section
I miss limewire.
>>
>>109040231
Storing government secrets normally.
Or they're famous and require it for some reason.

The former usually use Kali right?
>>
archfags will blame the user
then every arch tutorial and how-to online will tell you to install random aur packages
there's a big elephant in the room and archfags refuse to see it
>>
>>109039874
nta
i used this to check
https://md.archlinux.org/s/SxbqukK6IA
>>
>>109040324
yeah, using npm is an elephant in the room.

>meanwhile, the new start in windows 11 is still a memory leak and it's just getting worse every day
>>
Arch is a very unsafe distro run by unserious persons
>>
File: lpvx7hcxi5991.jpg (1.41 MB, 3024x4032)
>>109039307
Gentoo bros won
>>
>>109039655
to the enlightened all windows apps are malware
>>
>>109039307
Since when? I haven't run my arch installation in 6 months.
>>
There is no usecase for the AUR since Flatpak exists.
>>
File: 1766063886712.jpg (46 KB, 739x415)
Glad to report that the 10 or so AUR packages I have installed aren't infected. I use CachyOS btw.
>>
>>109039623
>windows store
a thing nobody uses?
>>
Literally all package managers are the user putting 100% trust that something nefarious won't be injected into it. You want real safety and not just the illusion of it? Learn how to read code and then read every line of code for everything you build and install on your system.
>>
guys what aur packages do you have (pacman -Qmeq)
for me it's
alex4
amf-amdgpu-pro
anki-bin
bin2iso
bootloadhid
consolas-font
duckstation-git
dxvk-bin
extract-xiso-git
fcitx-configtool
fcitx-mozc
fcitx-table-extra
fcitx-table-other
flashplayer-standalone
freac
gallery-dl
ghcup-hs-bin
gnucobol
goldendict-ng-git
hardinfo
heroic-games-launcher-bin
imgur-downloader-git
lib32-unixodbc
makemkv
maliit-keyboard
mangadesk
mednaffe
mingw-w64-tools
neofetch
noisetorch-git
onvif-gui
paru
pcem
pcsx2
peakperf-git
qimgv
qtqr
ruffle-nightly-bin
sacad
sm64pc-git
stockfish
trackma-git
unflac
videosubfinder
vscodium-bin
whipper-git
whisper.cpp-vulkan
woeusb-ng
xcftools
xsane
yacreader-bin
zotero-bin
>>
>remove xlibre
>get pwned
they deserve it
>>
>>109040474
>xfce themes
>yay
being an autist paid off this time
>>
I told you so
>>
>>109040494
I thought wayland was meant to be secure though gaiz.
Personally, I tended to have way more issues with Wayland on linux than X11 when I was using Void Linux. X11 did break, but I could generally figure it out and brute force a fix for it (because my setup was a BAD mess because I was just experimenting with linux distros at the time)
>>
Sharch and Shartix trannies BTFO LMAO
Void bros, we won again.
>>
File: 63a-2315266265.jpg (51 KB, 716x687)
>>109040605
>I thought wayland was meant to be secure though gaiz.

lol
as all this is teaching people: The idea that any of these packages being "secure" will save you was always a meme. It's like windows, Windows has had sane security practices since 10, but nothing is going to stop people downloading freerobux.exe and running it. Even a popup saying it's a very bad idea won't stop them.

Linux and its package manager spaghetti and meatballs is one of those things. Autists and "Tech Enthusiasts" will harp on and on video after video, phoronix article after phoronix article, "USE RUST AND WAYLAND THIS IS SUPER SECURE AND THE FUTURE" and then each and every one of them will download 2948598 AUR packages or .deb repositories to get their non-free drivers running, which then brings in its 9485934 gitlab dependencies and then not say shit about that.

Security is a practice, not something you install. If X is more user-friendly for you, you're the person who is most educated to make that assumption, not autists on the internet harping about security of a windowing manager while they're literally scrambling to keep AUR and Pip from updating every. other. week. Oh this on top of the now bi-weekly user privilege escalation that seems to keep happening on Linux.

tl;dr install what you want and ignore the idiots currently sucking copium about security while their entire utopian threat model melts down around their ears.
>>
>>109039307
i saw this script earlier which checks your system for potentially pozzed packages https://cscs.pastes.sh/aurvulntest20260611.sh
>>
File: 1748081597372134.png (16 KB, 1134x919)
>>109040662
Oh and another thing "tech enthusiasts" do is never, ever, ever admit fault. Go to Brodie's channel, one video sandwiched between hours of harping on about X le bad, Wayland le good, Rust le future, always update, always be secure. Suddenly DO NOT UPDATE. That's all we'll ever hear about it, not that this has been a long time coming of the Linux community banning anyone suggesting their silver bullets aren't magic and that people should be using the software they want instead of what the community wants them to run.

They'll also never admit that their "UPDOOT ALWAYS URE GONNA GET A VARUSSSS" culture is part of the reason these supply chain attacks keep working.
>>
>>109040662
>Security is a practice, not something you install.
Unfortunately it is.
And unfortunately the people that run most things disagree and now it's literally killing people in some cases.
>>
>>109040686
That and rust is a trojan horse intended to do this by corporations (or someone exploiting that corporation) to ruin free software. It doesn't help that a lot of AI will suck them off nowadays and suggest it as the safe new thing. They just believe whatever AI tells them now, it's insane. Mind broken.
>>
>>109039307
>if you use Arch Linux you might be hacked
true!
>if you use Arch Linux you might not be hacked
also true!
>if you don't use Arch Linux you might be hacked
again, true!
>if you don't use Arch Linux, you might not be hacked
tru-delly-do-delly-do!
i've attached picrel to help folks understand this critical and helpful information you've provided
do you have any other insights to share, OP?
>>
>>109040172
it's assumed that you WILL read every PKGBUILD, simple as. i had one or two orphaned packages installed and it worked fine but if they suddenly got updates, i would've inspected them.
>>
>>109040324
>then every arch tutorial and how-to online
maybe don't listen to dumbass linuxtubers and actually read the official docs?

>>109040474
86box
86box-roms
android-sdk
broadcom-bt-firmware
cachyos-keyring
cachyos-mirrorlist
cachyos-v3-mirrorlist
cachyos-v4-mirrorlist
dragon-drop
fuse-archive
gallery-dl
greybird-gtk-theme
infra-arcana
ironwail
koboldcpp
libretro-beetle-cygne-git
libretro-bluemsx-git
libretro-fbneo-git
libretro-px68k-git
libretro-swanstation-git
libstrangle
lsfg-vk
makemkv-debug
minecraft-launcher
multimc-bin
noto-fonts-lite
openjk-git
paru
pistol-git
posy-improved-cursors
python-customtkinter
sc-im
shntool
soundfont-fatboy
tmsu
ttf-go-mono-git
ttf-iosevka
ttf-iosevka-aile
unrealtournament
uzdoom
woof-doom
xf86-video-vmware
xpadneo-dkms
yamagi-quake2

i really should clean this up
>>
File: file.png (1.05 MB, 1024x559)
>>109039728
debian is for transwomen too
>>
>>109040474
google-chrome
emulationstation
>>
>>109039307
I don't update packages I get from AUR because it's a pain in the ass and prime95 which is the only AUR package I have doesn't need an update anyway.
>>
>>109039307
https://md.archlinux.org/s/SxbqukK6IA
The infected package count is actually 1500+
Arch Linux is not a serious distro and is populated by wannabe haxx0rz that don't know anything about Linux
>>
>>109040854
yeah i really needed to get xf86-input-joystick from the AUR
>>
File: 1777296266430289.png (164 KB, 936x1434)
wew lad
>>
People are calling this an Arch L when it's really an NPM L. Never run javashit outside of a sandbox
>>
>>109040900
i swear NPM is some sort of glowop
>>
File: 1661841109835.png (181 KB, 383x396)
>>109039307
>people adding random ppas to their ubuntu systems all the time
>crickets
>people installing random software by curl'ing shell scripts
>crickets
>people installing unverified/unofficial flatpaks constantly
>crickets
>some faggot installs totally-not-malware from the AUR, an unofficial repo
>"LE LULZ ARCH IS SO INSECURE HOW WILL ARCHFAGS EVER RECOVER KEK"
>>
>>109040890
>known infected packages installed: none
>unknown infected packages installed: unknown
>>
>>109040914
never attribute to malice what can, with equal probability, be attributed to stupidity
npm is what happens when people who are mostly retarded develop tech infrastructure to be delivered to people who are entirely retarded
>>
>>109040951
>people adding random ppas to their ubuntu systems all the time
i use snaps like a normal person
>>
>>109040951
>people installing random software by curl'ing shell scripts
when i see this i simply refuse to use the program
>>
>>109040959
isn't that true for any computer nowadays?
>>
>>109039728
based
>>
>>109040951
>people adding random ppas to their ubuntu systems all the time
yes this is retarded, but ubuntu also has a much wider real package collection because it's debian based and debian has the most packages
>people installing random software by curl'ing shell scripts
there's been a ton of noise about this, wtf do you mean
>people installing unverified/unofficial flatpaks constantly
agreed, this is why i never use flatpak
>some faggot installs totally-not-malware from the AUR, an unofficial repo
arch hardly has any packages if you discount the aur. the aur may be technically unofficial but it's the go to for many things
>>
is nixpkgs vulnerable to this same sort of thing
>>
>>109041110
nix is so full of confusing abstractions that it's only a matter of time until someone slips something like that in
>>
>>109039307
Remember when some academics tested this and the linux community threw a fit. Imagine running software released by people hiding behind aliases.
>>
>>109041064
>agreed, this is why i never use flatpak
i hate to shill flatpaks but traditional linux package managers technically have root access. flatpaks don't.
>>
>>109039574
>COPElet
jej
>>109039601
where notepad was allowing execution of remote code a couple months ago? pipe down, negro
>>
>>109039307
If you installed Arch on your computer there is a 100% chance you have malware on your computer.

The joke is I'm implying Arch is malware.
>>
>>109041187
lol, still better then windows malware
>>
I'm not infected apparently but I've wanted to switch to something else for a while, problem is nothing else seems to be right and a lot of stuff is made for arch and a lot of stuff I come across only has PKGBUILDs
>>
unlike you fail noobs, i KNOW how my computer works

and baby, this neghole just got pozzed up. thank you AUR for giving me the gift
>>
seriously though, at least skim the PKGBUILD before installing shit from AUR. most of them are under 50 lines long
I guess this one is somewhat successful because I assume most people tend to focus on the source files, but what if you run npm mid build instead?
>>
>>109040324
The archfags also refuse to help you if you make the mistake of telling them you have any AUR packages installed, so I just avoided AUR packages.
>>
>>109039307
I never used aur when I had a CachyOS install. I'm good.
>>
>>109040474
acer-wmi-battery-dkms-git
envycontrol
flacon
foldingathome
freac
mullvad-vpn-bin
parabolic
peazip
weasis-bin
>>
File: 1738178796343383.jpg (66 KB, 1024x524)
>>109040662
Imo the fact hackers are increasingly going for the smash and grab approach of taking over software directly rather than trying to squeeze blood from a stone with vulns that are increasingly difficult to find…
Just kind of points to the idea Rust is still doing its job, and in fact hacking has started retreating away from Rust’s territory.
>>
>just have some emulators and rasdaemon from the aur
>all clean
user error
>>
I don't use Arch or Arch derivative but I see "Stay away from AUR" given as advice to people who are thinking of hopping on Arch all the time. Looks like for a good reason.
>>
>>109039307
NixOS with FlakeBOM fixes this
>>
>>109039307
Glad I don't have this problem on Void!
>>
File: 1781256310132074.jpg (134 KB, 960x784)
>wake up
>there's another supply chain attack
>>
>>109039374
run this curl | bash command to check if your system is infected !
>>
Debian and Fedora have no such issue, lmao
>>
>>109042025
These are all orphaned packages that have been picked up by a malware spreader

The reason they were orphaned is because practically nobody uses them, which means the impact is really small

Only AUR package I use is gallery-dl-git and I always check the makepkg when I update
>>
Honestly, I'm surprised this didn't happen sooner
>>
>>109040474
>>109040798
>>109041560
>>109040814
>>536964039
bashtuner
cppman
edex
openrc
unixcw
wpa_supplicant_gui
yay
>>
>>109042224
copr and rpmfusion are the same shit. Fedora is fucked.
>>
File: 1759911780978979.jpg (10 KB, 332x93)
fug
>>
>>109042695
It's over.
>>
>>109042356
It has happened before, with Arch and every other distro that has a user maintained repository, this is the first time we've seen it at this scale though, most likely done by the same person/people who have been DDOS'ing the AUR repository for quite a while.
>>
>>109039601
Based and Jeetpilled
>>
most infected AUR are gaming oriented lmaooooo
They truly targeted goycattle normies that installed CachyOS because a troontuber told them it's better than windowslop, they also shill the AUR and CachyOS managers for it as very friendly to people having no fucking idea of how to use a computer
No shit 1500+ and counting package compromised, after seeing how easy and literally free taking over an AUR repo is why stopping? You already got thousands of normies in a single sweep to install your malware, now every AUR package is at risk
Solution:
>Gatekeep gatekeep and gatekeep
>bully the retards making normie Arch like CachyOS out of the scene for not gatekeeping
>never use AUR EVER
>>
>>109042818
yeah it's easy to understand why arch devs hate forks now
>>
>>109042818
As a goycattle normie who installed Cachy, after a year of use I have installed a grand total of zero AUR packages.
>>
File: 1776361214018698.png (22 KB, 479x258)
A-am I safe? Thankfully I haven't used the AUR much since installing cachy (didn't use it much on vanilla arch either tbdesu).
>>
>>109042695
>>109042705
what do you even need python-future for? Did you explicitly install it?
>>
>>109042865
List grows by the hour, you might be compromised and you just don't know it yet
>>
>>109042865
yes and you'll be safe as long as you read PKGBUILDs before installing them/don't install obscure packages
>>
>>109042849
You are the exception statistically
Troontubers shill Cachy hard for THE AURRRRRR and IT'S EZ TO USE NO WIKI DOC REQUIRED PACKAGE MANAGER too as one of the biggest pros of why Cachy is better than Fedora or some other distro
>>
>>109042818
All of these packages were orphaned, meaning that if you are correct, most of the orphaned packages were gaming oriented, which makes sense since gaming on Linux is done with Steam nowadays

And since these were orphaned, the malware impact of this is most likely minimal, the AUR packages people actually use are actively maintained

It's a good reminder for users that only the official repos are actually being maintained by the Arch developers
>>
>>109042873
At this point we can assume practically every orphaned package has been compromised, since this was done automatically by script.

The likelihood that you've installed an orphaned package is small though, since the reason they were initially orphaned is because nobody wanted to maintain them, which likely means nobody used them.
>>
>>109042890
I like cachy for the gayming boost and because it has some nice QoL defaults. Kinda interested in nix though...
>>
>>109042916
Or just means there was no reason to keep updating them
>>
>>109042872
apparently its from 2024 trying to get some proton shit working
>>
>>109042890
When I saw "user produced content, use at your own risk" I figured I'd use it as little as possible, and then never did. If I ever do want to use it I guess I'll just learn how to properly vet what I'm installing.
>>
>>109042933
There's no reason to orphan them if that is the case, you don't have to do any active maintenance.

You orphan a package when you no longer want to maintain it, as in update it.
>>
File: 1780502065002063.png (25 KB, 631x155)
I only have these
>>
>>109039307
>install arch
>install everything i need until it just werks
>never update
works on my machine
>>
>>109040676
Thank you Saar!! Only 4 infections so I delete them and now I am safe
>>
>>109040854
>>109040890
Every orphaned package could become malware, and there are currently around 13000 of those.
>>
>>109043229
why can anyone pick up orphaned packages? wtf is this clown shit lol
>>
>>109043276
Because it's the Arch USER Repository. But I agree that's bullshit, because in practice many people use the AUR so it should be safer, even if in theory it's just a repository of scripts to build your own packages.
>>
>>109043351
>so it should be safer
How? Only thing I can think of is to remove orphaned packages.

The reason USER repos exist is because the distro devs can't maintain all packages out there, so you have a user maintained repo, with clear warning that these packages are supplied by users, which means that they can be malicious.

In this case it's weird though, since by doing such a massive attack it was inevitable it would be discovered.
>>
>>109043276
It's a hard problem to fix correctly.
The problem is that everyone's a volunteer and doing this stuff in their free time or whatever. Eventually people move on or forget or simply get tired of it and leave, and packages can stagnate. How do you deal with this? There has to be a mechanism for taking over packages that are essentially abandoned, otherwise they'd be held hostage forever. This isn't a problem that only the AUR faces, but the AUR is the worst example given that any package can be taken over by anyone. Other community run distros like Debian make it much harder to take over packages, which then has the aforementioned problem of holding forgotten packages hostage. I'm not sure there is any "right" way of handling this, just a whole bunch of "less wrong" ways.
>>
>>109039307
Common Windows W
The only rootkit hacks I have are the ones daddy Microsoft installs
>>
>>109042643
Not the same
Rpmfusion is reviewed
You can't take over other people's copr packages. You would have to steal someone's account or submit a new package, and no one will blindly trust a new duplicate especially if you have a fresh account
>>
>>109043641
>something bad happens in linuxland
>immediately start crying about Microsoft
rent free as always
(Year of the Linux Desktop never ever btw)
>>
>>109039307
nah im not a retard
i only have 3 packages from the AUR with no AUR dependencies and check the website and the PKGBUILD if im going to install something
i also always select to show diffs on update in yay
>>
>>109043727
>install lf
>set the paru file manager to it
>can just scroll and preview every diff
skill issue
>>
File: 1754470324933931.jpg (43 KB, 514x514)
>>109039574
>copilot
people using this shit unironically?
>>
>>109043677
>You can't take over other peoples copr packages.
They aren't taking over other people's packages, these are orphaned packages, and no one owns/maintains them.
>>
>>109040029
>Mark Wagie
hell of an occupational surname
>>
>>109039380
Gentoo packages use distfiles from the Gentoo mirror rather than downloading from upstream and they're checksummed and sometimes also optionally verify the public key with GPG.

Furthermore, an
npm install malware
command would additionally fail as all packages are built in a sandbox without networking. This is drastically more secure than any shit from the AUR. Not a single AUR helper sandboxes networking. It's also commonplace not to have dependencies locked and all sorts of shitty practices like this.
>>
>>109039307
I use Manjaro on my laptop and last updated it like two weeks ago so I'm safe but this fucking blows.
>>
>>109039307
>reinstall
Nigga it's Saturday and I am a no-lifer, I would do it without your command
>>
accounts-qml-module
azahar
jack
pyprland
xrdp
>>
File: 1777570432114321.png (1.32 MB, 2184x3144)
I have an unbooted arch pc with me in the room. I installed quite a few aur packages. What are the odds Im fucked?
>>
>>109044241
Do you update aur packages frequently? Did you do so in the last few weeks? Did you compare your -Qqm output with the known malicious packages list and was there a result?
If not, then you are most likely safe
>>
>>109044250
I did a full update like last week. I think Ill boot it up from my recovery usb. Fuck that shit
>>
>>109039307
I never understand why we need to install all these packages from the online repositories. What if those servers go down? What if the packages are compromised?
Yes I know, simplicity. But I'd rather the libraries/packages were included/static linked with each app, so I could use the app offline if I wanted.
>>
File: three_letter_agent.jpg (26 KB, 320x324)
>>109039307
At this point I am pretty sure this is a campaign from Microsoft so Linux gets labelled as unsafe, as I see more people jumping the Windows ship.
>>
>>109044275
Microsoft isn't smart enough to think of this
>>
>>109044275
>campaign from Microsoft so Linux labelled as unsafe
Great, normies out of my OS.
>>
>>109044281
Microsoft these days only cares about Izzat.
>>
>>109039307
If you do this "compile random software from random sources" on any operating system (including macOS or Windows) you have the same exact problem. Of course anons are so retarded they don't understand even the simplest things like this. Doesn't matter if you have BLM Void, GentooLGBT or WinTroon and that exact added malware in the latest commit will compile and install that same npm with the same .install whatever malware.
>>
>>109044420
Also Windows and macOS have over 60 thousand new CVEs, zero days and bugs every month. Yes, NEW and EVERY MONTH. Linux had 8 that were fixed before they even did anything. Same with this. There are millions of malware available for Windows and macOS, only thing is that antivirus software only shows the old ones and new ones that are actually dangerous are never in the latest version of the database. Of course people don't give a shit when it is Windows or macOS. They don't even scroll through those infinite lists of malware that are released every day. Even if they see their PC has a rootkit, they just allow it so their torrented game works.

I used 12 different methods to check infected AUR packages and found zero in my computers. I have all repos enabled from China, chaotic aur etc. on my Artix but of course I don't blindly install something from unofficial random people without reading everything first. Second thing people don't understand is that AUR and other methods are an ADDITIONAL BONUS. Not the official main repo. It doesn't matter if you have Windows, macOS or Devuan/Gentoo. If you compile those ADDITIONAL RANDOM software projects, you have THE EXACT SAME PROBLEM. This whole thread is full of retards. You don't have to use AUR or other repos. If your Ubuntu LTS or Debian has random PPAs, you have a more dangerous system than some Arch/Artix system where the user doesn't use AUR blindly.
>>
>>109044420
Well, few users compile software on Windows, but yes, the exact same problem is there with binaries as well.

And yes, all distros are vulnerable to this, since the second you leave the repos being vetted by the devs of said distro, you are trusting anonymous people on the web. There's no simple solution, the distro maintainers can't package everything, and so the need for user maintained repositories.

Having said that, it's very unlikely there has been a lot of infected systems due to this, since these were all orphaned packages, which means extremely few people are interested in them.

The real danger is if some major upstream repo should be infected, absolute disaster.
>>
>there are people who went to linux just to be updooters like on microshit
lol
lol at aur also
even as an arch user I rather just build my own shit after looking at the files
>>
>>109044460
Like FFMPEG?
>>
>>109044460
True. Also users can blacklist packages they don't need that are dangerous to make sure they don't be lazy and accidentally install them. I have blacklisted npm and python on all my computers but one where I need python for LLM. Also you can freeze packages, but for retards, it usually breaks everything because those low iq anons who are against Artix don't know how anything works so they would break everything with wrong package versions having conflict or something. Even with Ubuntu LTS, macOS and Windows, they usually just reinstall everything when there is some tiny simple to fix "problem". They don't even remember doing so or think that all that fighting with drivers and broken registry is a problem until it happens in Linux because they did something wrong and immediately they cry about it online how "Linux is shit".
>>
>>109039307
>use arch
>don't use aur
>tell people I don't cause of this
>hurr durr read the package script or whatever
>tfw hacked free
Yeah, this is why I don't trust the AURetard.
>>
>>109044489
You don't trust your ability to audit PKGBUILDs
>>
>>109044475
Are you talking about these packages:
ffmpeg-bitrate-stats
ffmpeg-quality-metrics

Which have nothing to do with the ffmpeg project?

I could write a bash script right now called ffmpeg-best-settings-ever with malware, are you going to pretend that ffmpeg is infected now?
>>
>>109039307
If you're too lazy and/or retarded to audit PKGBUILDs then just ask an AI to do it for you, I see redditors are already coming up with scripts to automate this.
>>
>>109044502
>yeah just read this 400 page document before you decide if this is safe or not
Yeah no. Keep crying, nigger. I'm hacked free.
>>
>>109044541
>check if the source comes from the original devs
>check if it downloads weird shit from a different source
>check if there are weird scripts or patches in the source files of the package
Wow so hard
>>
File: traditional-branch.png (27 KB, 490x477)
>>109044502
This is why I never used any AUR tool or anything like that. I just don't trust autoinstalling shit from a package manager with completely unaudited and non-curated software.
>>
>>109044574
Keep crying, pajeet. I'm not downloading your malware. Again, I'm hacked free.
>>
>>109044577
I mean most AUR helpers prompt you to audit the PKGBUILD. yay shows a diff every time there's an update
>>
>>109044538
>then just ask an AI to do it for you
Would an LLM even have caught this attack?
>>
>>109039307
I ran the scan script and it says I'm good. Hopefully nothing slipped through. But fuck man, after almost a decade of using Arch I'm really thinking of moving to Tumbleweed or Debian at this point.
>>
>Clean: None of the known infected packages were installed within 2 days of the campaign.
whew
>>
>>109044520
So what's this faggot talking about
https://www.youtube.com/watch?v=QGC40AfmgY0
>>
>>109039307
None of that is my problem kek.
>>
>>109044682
>cucklicense
>cuck-code-of-conduct
>still 10 years behind Linux
>stockholm syndrome
>baby duck
Holy shit you have ALL of the worst things. OpenCuck is JUST cucklicense shitware from 20 years ago but you have even the same shit code of conduct. You ALSO have 100% same malware problem if you install same random unofficial projects like with AUR. STFU fucking retard.
>>
>>109043209
kek did you actually have 4 bad packages installed?
>>
>>109044695
Yet your Troonix is being destroyed by AI retards and Troons and Rust Cultists. Every single day there is a problem with Linux just because of a Nord cuck who has a troon daughter and decided to give a go for AI. Hahahaha keep crying kid.
>>
>>109041187
the joke is most of the packages are made by a guy in china
>>
soooooooooooooooo what does this malware do?
>>
>>109044241
did you read the PKGBUILDs before installing all that software?
do you check the diffs every time you update the AUR packages?
>>
So, how come I have some packages from the AUR I don't even remember installing?
Dependencies?
Anyway, I'm looking over my AUR packages, and the only one I don't understand is https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=openssl-1.1
That .tar hidden in the long list of .patch files is okay? Man I fucking hate PKGBUILDs now...

t. retarded windows refugee
>>
>>109044577
int master(void){return 0;}
>>
>>109044655
Bugs causing vulnerabilities that were found with AI, fixed before being disclosed.

This is not someone corrupting an upstream project with malware.
>>
>>109044729
>"it's so good even your grandma should use it!! keep it simple stupid amirite folks haha!!"
>"ermmm chuddie you do know you're supposed to check all this turbo autist shit every time before you update... right??"
This is why Arch was, is, and always will remain a meme.
>>
>>109044763
This only affects packages outside of the Arch distro, as in user provided packages.

It's like if you're so stupid to run an .exe someone shares here on 4chan without doing any due diligence.

In this case the easiest thing to do is to look at the MAKEPKG and its history to see which changes have taken place (available on the package page) and if something stands out. This is mainly something you should do if the package is stale, as in no comments, very little updating. In packages that are frequently updated and have lots of user commentary, it's EXTREMELY unlikely that someone will be able to sneak in something malicious without it getting caught instantly.
>>
>>109044763
i don't recommend arch to anyone
the AUR is a meme but you are expected to DIY when using arch, that's the whole point
>>
File: 1779464093143017.png (119 KB, 1782x394)
>>109044700
FreeBSD is THE double-cuck rainbow-flag "beastie mascot rainbow colors" pride-month /black lives matter/ "trans women are women" Operating System (all this with official proof from FreeBSD devs and maintainers instead of your "I am mad and pull this from my asshole I feel bad" crying)
>rfc and introduction of rust to the freebsd base system
>addition of the rust compiler and toolchain to the freebsd ports collection
>integration of rust build infrastructure into the freebsd source tree
>official approval of rust as a supported language in the freebsd base system
>rust based kernel modules and device drivers
>artificial intelligence code in packages and kernel software
>inclusion of rust standard library components in base system builds
>availability of artificial intelligence and machine learning frameworks in freebsd ports

Enjoy your CuckBSD with AI and Rust code Stfu fucking retard and read about your own troonware before writing here.

>in 2018 the freebsd project adopted a new code of conduct that explicitly bans harassment of gay and trans people based on sexual orientation and gender identity
>the freebsd foundation states they hire mainly trans and gay people based on race gender and sexual orientation
>in june 2026 the freshports website added a rainbow flag to its interface and changed the shoes of the beastie mascot to rainbow colors for pride month
>a freebsd wiki contributor lists black lives matter and trans women are women among their personal beliefs on their user page

FreeBSD and OpenBSD in the future, you can't do shit when they include CoC and you just suck it like good little cuck like always. No support for this and that? You can't do shit about it and just accept it. You eat bugs and not owning anything. With Linux you own and can do whatever you like while BSD owns you and you are just a product and slave. "Corporations slaving developers and saying what you should think" is the main ideology of BSDs.
>>
>>109044821
mad as fuck... stay mad as fuck you will eventually have to uninstall.
>>
>>109039307
Void is probably compromised too with all their orphaned package not that there is anyone using it
>>
>>109044821
>Muslim
>Trans women are women
Wat!? Does he know Muhammad would behead him for that?
>>
>>109044839
Didn't read. Cry more.
>>
>1600 packages compromised
>only 300 ppl hacked in total
ogey. lotta effort for nothing
>>
>>109044876
Chinese hackers are retarded monkeys so not a big surprise. China needs to be nuked.
>>
Bleeding edge sisters, our response? How long will we wait until we update again?
>>
>>109045010
i just removed libgdata which i forgor to updooot before the attack so somehow it's fine and then updoooted. i missed 60 package updooots behind this bullshit and now must updooooot
>>
>>109045051
wtf is libgdata
>>
>>109045010
You can update all you want. Just actually pay attention and look through PKGBUILDs and changes. If what you have works, no need to update.
>>
File: 1775296454462926.jpg (158 KB, 1440x1438)
>vscode extensions
>browser extensions
>cloned/phished github repos
>npm in general
>aur
its getting rough out here lads
>>
>>109045065
some junk related to google drive shit gnome installed, then dropped support for and it got orphaned and then compromised
>>
>>109045077
Why did you still have it installed
>>
>>109045074
maybe slop automated audit is genuinely not a bad idea
>>
>>109045088
i forgot to run sudo pacman -Rns $(pacman -Qdtq) too busy updoooooting and updooooting doesn't remove it, as it just hangs in there... shitposting aside kinda spooky how orphaned official packages that silently migrate to the aur can turn into vectors for random chinkmalware
>>
File: 1776901186711443.png (480 KB, 641x592)
>pacman -Qm | wc -l
>0
>>
>>109045167
wtf is wc -I
>>
>>109045213
wc (toilet) -l is log means the shit that goes from your ass down to toilet.
>>
>>109045416
lmfao

Wish me luck bros I need it
>>
great, someone just had to go and ruin it for everyone else.
what do i mean? the point of the aur is how easy it is for anyone to contribute to it. someone taking advantage of this at a large scale will likely, if it keeps being a problem, cause the aur to become more restricted.
>>
>>109040324
the aur is unsupported, both literally (pacman is incapable of searching or installing directly from the aur) and figuratively.
aur helpers (which are unofficial and also can't be installed using pacman directly) like yay will warn you if a package becomes an orphan. it's entirely on the user to verify if a new owner of a package is to be trusted, no-one else will do that for them
>>
>>109045213
It returns the number of lines
>>
>>109044763
this is like saying windows is insecure because you can visit totallylegalmovies.tk and run the shrek2.exe file it gave you as administrator
the aur doesn't contain official packages
>>
>>109039307
The check script said my system was fine, I only have 15 aur packages though
>>
>>109044876
they weren't "compromised", they were adopted.
basically a maintainer can opt to stop maintaining a package. as long as a package has no maintainer, it is an orphan. people can still view and download it. anybody can adopt the package to become the new maintainer.
this isn't a hack or a compromise, it's just an abuse of how the aur normally works and maybe one positive thing about this is that it might wake some people up that indeed the aur should not be treated as a trustworthy repository, it's not intended to be
>>
looks like i am safe
tho supposedly clang19 was infected which i installed a year ago, but i removed it a month ago for either it failed to update or when i saw an update i removed it because i didn't need it (don't remember exactly)
i no longer feel safe at my puter
its over
>>
>>109045598
Total hacker death. Make people feel safe at their puters again.
>>
Still looking through my system but it seems I'm not affected. Motherfuckers
>>
>>109039874
yarg is in there?? thank god i didn't bother switching from clone hero
>>
just check what aur packages you have installed, then read the pkgbuild for each, they're about 40 lines on average. if they contain npm and npm install, lmao for you, otherwise you're fine. It's this easy to determine if you're compromised
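The audit that the post above and the earlier three-point checklist (source from the original devs, no downloads from a different host, no odd scripts or archives among the source files) describe can be mechanised. The script below is an added example written for this thread, not code from any poster or from the Arch project: it lists foreign packages with `pacman -Qm` and greps each PKGBUILD for install-time fetches such as `npm install`, pipe-to-shell, archives hidden among `.patch` files, and download hosts that differ from the package's `url=`. The two PKGBUILDs it creates are constructed samples with placeholder names and hosts; the `~/.cache/yay/<pkg>/PKGBUILD` path is an assumption about where an AUR helper keeps its checkouts, and the script never builds anything.

```shell
#!/bin/sh
# Added example, not from any poster in this thread or from Arch/yay.
# Static triage of PKGBUILD files: read-only, flags patterns worth a look.

# upstream_host FILE: the host named in the PKGBUILD's own url= line.
upstream_host() {
    grep -E '^url=' "$1" | head -n 1 |
        sed -E "s#^url=[\"']?https?://([^/\"' ]+).*#\1#"
}

# count_flags FILE UPSTREAM_HOST
# Writes each finding to stderr and prints the number of findings on stdout.
count_flags() {
    file=$1
    upstream=$2
    n=0
    q="'"
    # Install-time network fetches and pipe-to-shell: sources belong in
    # source=() with checksums, not in a build() that reaches out to the net.
    if grep -Eq 'npm[[:space:]]+(install|ci)|pip[[:space:]]+install|(curl|wget)[^|]*\|[[:space:]]*(ba)?sh' "$file"; then
        echo "  [!] install-time network fetch / pipe-to-shell" >&2
        n=$((n + 1))
    fi
    # A tarball or binary sitting in the local source list among .patch files
    # (the openssl-1.1 worry from earlier in the thread) deserves a look.
    if grep -Eq '^[[:space:]]*"?[A-Za-z0-9._-]+\.(tar(\.[a-z0-9]+)?|zip|bin|so)"?' "$file"; then
        echo "  [!] archive or binary listed as a local source file" >&2
        n=$((n + 1))
    fi
    # Every URL in the file should point at the project's own host.
    for host in $(grep -Eo "https?://[^/\"$q )]+" "$file" | sed -E 's#^https?://##' | sort -u); do
        case "$host" in
            "$upstream"|*."$upstream") ;;
            *) echo "  [!] unexpected download host: $host" >&2
               n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# triage_installed: on a real Arch box, run the checks over every foreign
# package. Assumes yay's default checkout directory; adjust for paru etc.
triage_installed() {
    pacman -Qmq | while read -r pkg; do
        f="${HOME:-/root}/.cache/yay/$pkg/PKGBUILD"
        if [ -f "$f" ]; then
            echo "$pkg: $(count_flags "$f" "$(upstream_host "$f")") finding(s)"
        else
            echo "$pkg: no cached PKGBUILD, fetch it from the AUR page and review by hand"
        fi
    done
}

# Constructed samples (placeholder package names and hosts).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
SAMPLE_BAD="$sample_dir/bad.PKGBUILD"
SAMPLE_CLEAN="$sample_dir/clean.PKGBUILD"
cat > "$SAMPLE_BAD" <<'EOF'
pkgname=example-tool
pkgver=1.2.0
pkgrel=3
url="https://example.org/example-tool"
source=("https://example.org/releases/example-tool-$pkgver.tar.gz"
        "fix-build.patch"
        "fix-tests.patch"
        "helper.tar.gz"
        "https://cdn.not-the-upstream.example/extra.sh")
build() {
  cd "$pkgname-$pkgver"
  npm install
  make
}
EOF
cat > "$SAMPLE_CLEAN" <<'EOF'
pkgname=example-clean
pkgver=2.0.1
pkgrel=1
url="https://example.org/example-clean"
source=("https://example.org/releases/example-clean-$pkgver.tar.gz"
        "fix-build.patch")
build() {
  cd "$pkgname-$pkgver"
  make
}
EOF

echo "bad sample:   $(count_flags "$SAMPLE_BAD" "$(upstream_host "$SAMPLE_BAD")") finding(s)"
echo "clean sample: $(count_flags "$SAMPLE_CLEAN" "$(upstream_host "$SAMPLE_CLEAN")") finding(s)"
if command -v pacman >/dev/null 2>&1; then
    triage_installed
fi
```

A non-zero count is a prompt to open the file and the package's git log on the AUR page, not a verdict: VCS packages and packages that vendor a prebuilt tarball can trip these patterns legitimately, and a clean run says nothing about sources that were swapped at the same upstream URL, which is what the checksums are for.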
>>
>>109044876
Where is the master list? I'm only seeing ones for 400 or so
>>
AUR chads will fix that mess

but I will still reinstall tho not gonna trust some package that might or might not be infected
>>
>>109039998
I don't like it when my update manager has an update notification
>>
>>109047015
I don't need aur to do npm install. I rawdog it on my own. :^)
>>
>>109039307
Never use Arch or Arch based distros. If you're not retarded you'd know this by now.
>>
>>109047816
How do you keep it updated then?
>>
It's never been more over. Debianchads, I kneel.
>>
>>109039531
emulators
spotify-adblock
onlyoffice
visual studio
xone (xbox controller driver)

plenty of stuff that should be on the official repo but isn't
>>
>>109040474
>pacman -Qmeq
cable
ksysguard6-git
makemkv
millennium
openchatbox
pidgin
uxplay
>>
>>109048489
>>>>>>>>>>>>>>>>>>>stuff that should be on the official repo
>spotify-adblock
Don't use spotify because it costs money. I only listen to music on Youtube with ublock running so I don't give artists a dime. Work for free bitch.
>onlyoffice
Libreoffice much? I've never even heard of onlyoffice as yet another shitty StarOffice fork. Just use the document foundation's one because notWord 2007 hasn't changed in 20 years.
>visual studio
Can you not use emacs like the rest of us? Why the fuck are you installing Microsoft's ripoff Borland C++ Compiler and Winforms toolkit on Linux and not running that dogshit through Wine or something.
>emulators
>xone (xbox controller driver)
Emulators are whatever and since nobody actually owns working cartridge dumpers anymore you may as well just run whatever build came with your bootleg torrent on an air-gapped VM. But fine. And you actually have a point on the xbox driver not being in the official repos but I haven't used a gaming controller with Linux since the xbox 360 was still relevant so I assume the wireless ones are all shit.
It's your fault for using such shitty software and not even bothering to read the build instructions. It's Arch's fault for not telling people (like Debian does) tough shit, you only get 5 year old packages, and maybe for not having dolphin and xone or whatever in the repos since that shit never changes anyway and the pirated bits aren't needed at compile time anyway so they shouldn't have pushed that garbage to AUR without reason.
>>
>>109049073
>uhh....it's actually YOUR fault for needing these packages!
archfags never learn
>>
>>109040474
>gnucobol
>xsane
>stockfish
I'm sorry, what the fuck Arch.
https://packages.debian.org/en/stable/gnucobol
https://packages.debian.org/en/stable/xsane
https://packages.debian.org/en/stable/stockfish
Stockfish I could almost see leaving out since gnuchess has one baked in and chess dorks run their own stuff anyway. But xsane is a required part of actually printing and scanning in Linux and gnucobol is just another GCC frontend.
Why in the fuckstick isn't the GNOME maintainer for Arch packaging stockfish, the CUPS maintainer packaging xsane, and the compiler and coreutils maintainer(s) packaging gnucobol when they build GCC for the distro?
What mental illness is this?
>>
>>109049109
The difference is
>a package that blatantly violates the TOS of a paid service (which is normie shit, by the way)
>a package that duplicates a software package suite that is heavy as fuck, and already duplicated in triplicate (libreoffice, openoffice, now eurooffice)
>micro$oft's compiler and IDE. ON FUCKING LINUX.
I empathized with the other packages in that anon's list, as things that distros should have even if they're only updated every other year.
>>
>>109049135
xsane is deprecated, i'm pretty sure. you want SANE, not XSANE.
>>
>>109039307
nothing itt about arch, just american retards saying someone won something lmao this site is dead
>>
>>109049177
what do you mean, XSANE is just a frontend for the SANE API.
>>
>>109049553
and every good DE replaces it with its own frontend
>>
>>109039307
I don't install everything off the AUR, eat shit. I will continue using Arch and I will not review PKGBUILDs because the limited packages I use are all binaries.
>>
>>109039307
DON'T REINSTALL
MIGRATE TO ALPINE LINUX SWAY (or OpenBSD or 9front)
I REPEAT
ARCH ABANDONED THE UNIX PHILOSOPHY
ARCH. IS. BLOATED. FUCK SYSTEMD. FUCK CORPORATE UNIX. if you got hacked you deserved it
>>
File: monkaw.png (15 KB, 300x300)
>>109039307
is my steamdeck safe?
>>
>>109048489
>spotify-adblock
just use spicetify on top of spotify-player from pacman. there's an extension to block ads.
>>
>>109039531
>ani-cli
I have low attention span so this helps me finish anime unironically
>localsend
I don't wanna use flatpak or appimage
>spek
I like looking at my music's spectrogram
>octopi (dep qt-sudo)
I liked this from my friend's CachyOS setup so I installed it for vanilla Arch
>qdiskinfo
its neat
>tarotreader
my friend wanted to try it out, but I don't use it
>yay
see above
>>
>>109049681
I don't run a desktop environment. I run X with dwm and mix and match stuff from all the desktop environments.
Although GNOME and KDE applications are way too heavy so I open those sparingly. I've been thinking about doing a CDE install since that desktop environment is reasonable. Like KDE before Apple fanboys took it over and made it rounded corners.
>>
>>109049718
yes because it's immutable and only valve approved packages are installed by default
unless you messed with it to install custom packages (by disabling readonly mode, installing AUR helpers etc) you should be fine
>>
Who the fuck uses arch shit unironically
>>
>>109049785
cool
thanks anon!
>>
File: 938471987.png (56 KB, 684x683)
Take the Sid pill.
https://wiki.debian.org/DebianUnstable
>>
>>109049864
>Take the Sid pill.

Please note that security updates for "unstable" distribution are not managed by the security team. Hence, "unstable" does not get security updates in a timely manner. For more information please see the Security Team's FAQ.
>>
Just run OpenBSD. All the packages are frozen for each release so at least anything naughty will be old by the time the OS comes out and hopefully will be fixed. You can even stay a whole release behind which will maybe help with these issues, and still get updates.
>>
>>109049768
>>spek
You can use ffmpeg for this
>>
>>109044281
they have enough money to pay people though
>>
>don't use arch
>ok what use
>niggers start a slapfight
lol
>>
>>109050042
Sid consistently gets faster Firefox updates than Fedora.
>>
Anyone have a good youtube video that covers the topic?
I need to download opinion
>>
it's a good reminder to primarily use pacman. i did get into habit of using yay instead of sudo pacman -Syu for my frequent updoots. luckily i don't seem to have exposed myself to any of the nearly 2k infected packages
>>
File: 1779085755516494.gif (640 KB, 255x191)
 yay -Syu --noconfirm --sudoloop --mflags --nocheck 


nice knowing you bros
>>
>>109050878
2k packages sounds alarming, but remember it was all orphaned packages, i.e. unmaintained/abandoned packages, which for the most part is because they're unpopular/nobody is using them
>>
File: 1636170811594.gif (34 KB, 220x220)
I JUST CHECKED PARU AND NOW MY PC IS MAKING MUSTARD GAS WTF
>>
File: kanye_west_all-day.png (2.13 MB, 1600x900)
>>109050219
i mean i could
but you try telling someone they can clip videos with ffmpeg and not get wide eyes
>>
>>109039531
A bunch of random shit I have installed is just from trying to fix a random game giving errors with wine/proton
And despite that what got me was perl-aspell-text, because I wanted to have spellcheck in irssi
>>
>>109044854
Muslim activists weaponize faggottry idpol for their own personal end, doesn't count as sin because they are essentially using taqiyya against western kafir.
>>
>>109050716
but fedora is more secure
>>
>>109039307
>reinstall
No. I don't use the AUR. Eat shit.
>>
>>109050716
Faster than Fedora Rawhide?
By the way, the Firefox package maintainer for Fedora is also an upstream Firefox developer. Very nice guy, he's largely the reason for Firefox's good Wayland support now, amongst other things.
>>
>>109052088
>Faster than Fedora Rawhide?
About on par from what I recall, but sometimes faster yes. Although Sid is usable day to day whereas Rawhide isn't, which makes it even more impressive.
>Very nice guy, he's largely the reason for Firefox's good Wayland support now
Nice.
>>
Arch must immediately adopt a vetting process for blocking malware in its repositories.
Or split AUR from Arch and move it to a third party site.
>>
>>109049737
Why would I bloat my Spotify just for blocking ads?
And isn't spicetify also AUR?
>>
>>109040464
people have lives. nobody's gonna read allat little bro
>>
>>109052282
I'm not an arch user but even i know that what you are proposing is how things already are.
>>
File: 1772041719871817.png (87 KB, 185x290)
From another thread:
I read all the stuff about the AUR thing. Should I still install CachyOS? Because this Shelly thing allows you to download AUR packages and some users said CachyOS comes with pre-installed AUR packages too.
>>
>>109052318
>CachyOS comes with pre installed AUR packages
No?
Also shelly is for the 80 yo and/or mentally deficient, use your terminal
>>
>>109052301
That's my point, but people still act like their system is 100% safe & secure. In reality it's just the illusion of it, like most things in life.
>>
>>109052335
Is it safe to use Arch based distros like SteamOS or CachOS or not?
>>
>>109052343
no OS is safe if you install malware on it. every OS is safe if you rip out wlan and eth
>>
>>109039307
Just use Debian.
>>
File: 1752944639607694.png (141 KB, 303x303)
>>109052359
Can you just answer like a normal person and not like a passive-aggressive redditor?
>>
>>109052343
It's "safe", but for every piece of software that's not complete garbage the main vulnerability is always going to be the human operating it. Never blindly trust people who put software online, be paranoid without crippling your usage and you should be fine.
>>
>>109039340
UbuntuGOD reporting in
>>
File: 1750471024656899.png (77 KB, 216x216)
>>109052394
For me the main issue is that on Windows it's easy to find out if the software is clean or not. Never download software from crude sites, etc.
It's easy to stay safe on Windows.
Homebrew on macOS is safe too. Isolated directories, uploaded/updated packages are reviewed before going public, etc.
(sure you have brew tap, but you can't do this by mistake) plus you have SIP anyway so it can't touch the macOS system files.
AUR on the other hand is like an Indian shit hole. An AUR script has the structural power to overwrite critical system binaries, inject rootkits, or entirely break your operating system. Nothing is reviewed before going public, etc.

Linux is great. Arch Linux is awesome. But AUR is total bullshit.
>>
File: 1759894046003033.jpg (15 KB, 400x400)
>>109052453
homebrew is always on user level, while AUR needs sudo (after compiling and handing it over to pacman)
>>
File: 1761676338145628.png (87 KB, 460x389)
>>109052419
In the past it was more secure than it is now, that said it is reasonably more secure than average i may say (if you consider the default setup you get with justwerk mainstream distros). This AUR shit is trojan tier malware, which relies on user naivety and is essentially OS agnostic in nature, if you are a conscious person these kinds of problems won't affect you, period. This is what one gets by acting like an adhd ape going blowload by mindlessly installing third-party shit, only locked down, kiosk'd systems are (probably) safe enough for these kinds of retards.
>>
OPEN SORES LMAO!!!!!!!!!!!!!
>>
>>109043087
What job do you play
>>
File: file.png (768 KB, 1146x1116)
>>109052453
>It's easy to stay safe on Win- ACK
>>
>>109039728
You could use arch without the aur and it would still be better than lesbian
>>
File: file.png (25 KB, 1161x209)
>>109039874
The script from CachyOS lists almost 2k
>>
File: favicon.ico-magick.gif (198 B, 16x16)
>>109052599
i think it's hard for people to understand it as containing malware when this is the URL: https://aur.archlinux.org/
and this is the image
>>
>>109053527
AUR explicitly states with various banners that they're radioactive shit, the domain and logo are there just because aur itself is a framework specifically for arch, you can't use it on other distros.
>>
>>109040217
Mint chads keep forgetting the time the Mint site was distributing infected isos of Mint because it was hijacked
>>
>>109043599
>How do you deal with this?
I can think of a couple of ways.
>if a package stays orphaned for too long, then some sort of vote should be held to see if it stays on AUR or not
>The original creator should give permission to the next wannabe maintainer guy
>>
>>109044281
It's in their leaked agenda tho, but at this time and age, every vibecoder can do it
>>
>>109039349
...WHO THE FUCK REVIEWS THE CODE OF SOME RANDOM AUR PACKAGE THEY'RE UPDATING? Like get a life you think anyone has time for this shit?
>>
File: uar.png (53 KB, 826x976)
Can't stop. Won't stop.
>>
>>109039531
before appimages took off it was a godsend
>>
>>109039601
They literally read all your data.
>>
>>109053814
appimages took off?
>>
>>109040231
I used mine to play guilty gear strive.
>>
>>109048489
Pretty sure the xinput driver is upstream now.
>>
>>109040464
That's all software. Download from a website like on Windows, it's the same shit.
>>
>>109053839
damn that can't be done on any other OS, I kneel
>>
>>109040662
ever heard of an exploit or vulnerability?
>>
>>109041015
not gentoo
>>
>>109044577
Wow is this real? I only started coding 2 years ago can't believe they made a switch like that.
>>
>>109044717
Reads all your data, logs all your keys.
>>
I literally have no idea what an orphaned package is.
>>
File: 1781345206668582.png (26 KB, 490x477)
>>109044577
>>
>>109050659
ubuntu
>>
>>109053944
Based as fuck.
>>
>>109053935
has no daddy
>>
>>109053853
Exactly. We all live in a world of blind trust and illusion.
>>
>>109053935
Different meanings in different contexts.
>orphaned package on your system
A package that was installed as dependency for some other package which no longer has anything that depends on it, either because it was removed as a dependency or the other package was deleted.
>orphaned package on the AUR
A package that has been abandoned by its maintainer can be flagged as orphaned and can be adopted by any user as its new maintainer. This is the mechanism the bad actor used to take over a bunch of packages that haven't been touched in a long time.
>>
>>109054041
So these were just programs that barely anyone has installed and almost no one else cared about?
>>
>>109053944
black coded
>>
>>109039766
based voidchad.
