A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Ok, but I was expecting something a bit more automated then opening a list of package in kate and comparing it to my list of installed AUR package… Plus it’s 400 package so that’s a lot of things to check and plenty of space to miss one package by manually checking.
But I get it I’m lazy and just need to script something myself. This is affecting so many people I thought we would have a script to check quickly if you are “infected”.
It took Arch ~19 years just to get
archinstall.Something tells me there won’t be a script.
Arch had curses based installator for a long time, it became unmaintained.
The link is a script
A lot of those 19 years were times where only nerds used arch.
CachyOS community seems to have a detection script, I have not vetted this run at your own discretion.
https://discuss.cachyos.org/t/aur-compromised-400-packages-affected-20260611/31040
I haven’t used kate but does it not have some sort of easy search?
ex. pacman -Qm to list AUR packages; should display the 3/4 pkgs you have installed. Then just search in kate for those 3/4 results?
Alternatively cat & grep in the terminal is pretty straight forward.
That is if it’s 3/4 pkgs that are from AUR, but if someone has hundreds installed that is a bigger issue on its own.
Here’s a script:
https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992
how many aur packages do you have? Most people i know have like AT MOST 20 or so packages from the aur. Which takes less then 2 mins to manually check against the list.
I’m not home for a few days so I can’t check yet.
But I think I have something like 3/4 packages at the most.
But I need to compare that to a 400+ list I’m not sure I agree with you it’s that easy to do rigorously.
Not sure I understand - if you only have 3-4 packages you can just search for them specifically in the long list?
Even if you have 50 or 100s of packages, bash makes it pretty doable
comm -12 <(sort -u file1.txt) <(sort -u file2.txt) > common.txtShould spit out only the packages appearing in both lists (done by memory so may not be 100%)
Damn how long is the list when you
Am I missing something ?
Just because I have 3/4 package on my system doesn’t mean the 400+ list of affected package gets shorter on the other side…
I’m actually pretty cautious with AUR and I only install them when there is no other options.
Especially for a small list, 3-4, that you actually need to check, what’s the actual issue? Open list of 400, ctrl+f for the few names you care about, move on.
I was just curious because I didnt think it was so tediuous to check against an alphabetical list on a website using ctrl+f. But thats just me. It took me less than a minute to check my 8 aur packages against the list