A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
check to see if you have any of the matching packages.
pacman -Qm | awk '{print $1}' | sort > /tmp/local-aur-pkgs.txt curl -s https://gist.githubusercontent.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992/raw/.../aur_check.sh \ | grep -oP '(?<=")[^"]+(?=")' | sort > /tmp/gist-infected-pkgs.txt comm -12 /tmp/local-aur-pkgs.txt /tmp/gist-infected-pkgs.txtalso
curl -s https://cscs.pastes.sh/raw/aurvulnlist20260611.txt | sort > /tmp/updated-infected-pkgs.txt comm -12 /tmp/local-aur-pkgs.txt /tmp/updated-infected-pkgs.txt