
AUR packages compromised with Infostealer and Rootkit


Last Updated: 2026-06-12T04:22:42Z (UTC)

What’s Happening

It appears a new AUR package maintainer (arojas) adopted and infected 408+ packages. The compromise was reported and other AUR maintainers have been working to remove the infected packages. The affected packages were modified with preinstall scripts to use npm to install the atomic-lockfile package, a malicious payload.

Here’s an example of the change:

This blog has a deep dive into the attack.

Actions

If you don’t use Arch (b...
