[Slackbuilds-users] Arch User Repository compromise
jay
j+sbo-users at maschinengott.de
Thu Jun 11 19:41:25 UTC 2026
Hi all,
the Arch User Repository (AUR, basically Arch Linux' SBo) has been used
as a malware (infostealer) vector today.
I'm posting this to say we should be extra vigilant with the work of new
maintainers taking over packages at this time. I propose the admins
should ask the list if they're not sure about a submission or don't have
the capacity to sufficiently check it.
mode of operation:
> The newest maintainer for the alvr AUR package has made a commit that
> adds npm packages to what is quite clearly not a npm project. As well as
> replaced the email addresses of previous maintainers with their own
> while keeping the same name as the latest committer. More can be seen
> from the comments of various users since this update has been pushed.
–https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/2LGBF2AZBPVCCY4VTN6DOVUNNBURFJ2J/
more info:
https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/
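
A reviewer-side check for the two signs named in the quoted report above, a credited name whose address changed and package-manager calls appearing in a script that had none. This is an added example, not part of the original post and not AUR or SBo tooling; it assumes PKGBUILD-style `# Maintainer:` / `# Contributor:` comment lines, and the function names and sample inputs are constructed.

```python
import re

# "# Maintainer: Name <addr>" / "# Contributor: Name <addr>" credit lines
CREDIT = re.compile(r"^#\s*(Maintainer|Contributor):\s*(.+?)\s*<([^>]+)>", re.M)
# JavaScript package-manager invocations
NPM = re.compile(r"\b(npm|npx|yarn|pnpm|bun)\s+(install|i|add|ci|exec|run)\b")

def credits(text):
    """Map each credited name to the set of addresses listed for it."""
    out = {}
    for _, name, addr in CREDIT.findall(text):
        out.setdefault(name.strip(), set()).add(addr.strip().lower())
    return out

def review_update(old, new):
    """Return findings for a build-script update (old text vs new text)."""
    findings = []
    before, after = credits(old), credits(new)
    # Same name, different address: the pattern described in the report
    for name in sorted(before.keys() & after.keys()):
        if before[name] != after[name]:
            findings.append(f"address changed for existing name {name!r}: "
                            f"{sorted(before[name])} -> {sorted(after[name])}")
    # Package-manager calls only stand out when the old script had none
    if not NPM.search(old):
        for n, line in enumerate(new.splitlines(), 1):
            stripped = line.strip()
            if not stripped.startswith("#") and NPM.search(stripped):
                findings.append(f"new package-manager call at line {n}: {stripped}")
    return findings

# Constructed sample inputs (not taken from the real incident)
OLD = """# Maintainer: Example Person <person@example.org>
# Contributor: Earlier Hand <earlier@example.org>
pkgname=demo
build() {
  cargo build --release
}
"""
NEW = """# Maintainer: Example Person <someone-else@example.net>
# Contributor: Earlier Hand <someone-else@example.net>
pkgname=demo
build() {
  npm install placeholder-package
  cargo build --release
}
"""

if __name__ == "__main__":
    for finding in review_update(OLD, NEW):
        print("REVIEW:", finding)
```

A genuine handover that adds a new name and leaves earlier credit lines untouched produces no findings; a finding is a prompt for manual review, not a verdict.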