Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware

Written by Michael Larabel in Arch Linux on 12 June 2026 at 06:39 AM EDT. 66 Comments
ARCH LINUX
The Arch Linux User Repository "AUR" was hit by a large-scale malware campaign this week with more than 400 of these user-supplied packages being compromised.

Since yesterday Arch Linux maintainers have been working to reset/delete all of the malicious content and banning affected accounts. Over 400 packages are believed impacted by this latest malware campaign for Arch Linux's AUR. Again, to be completely clear, this just is affecting AUR packages and not the official Arch Linux packages.

CachyOS Arch Linux


This Arch Linux mailing list thread goes over some of the affected AUR packages and the impact. There is also more information and discussion on this significant AUR event via the CachyOS Forums.

Update: Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages
66 Comments
Related News
Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages
Manjaro 26.1 Preview Released With GNOME 50, KDE Plasma 6.6 & Xfce 4.20 Options
CachyOS Introduces New Default GUI Package Manager, Kyber For NVMe I/O Scheduler
CachyOS Rolls Out A Super-Charged Linux 7.0 Kernel
About The Author

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
ReactOS "Open-Source Windows" Reaches The Milestone Of Being Able To Run Half-Life
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages
macOS 27 Beta Breaks The Ability To Boot Asahi Linux
Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
Arch Linux AUR Hit By Another Wave Of Now More Sophisticated Malware Attack
Firefox Merges Support For Vulkan Video Decoding
YSERVER: Modern X11 Server Written In Rust With The Help Of Claude Code
AMD Opens Pre-Orders For The Linux-Friendly Ryzen AI Halo Developer Platform