Hundreds of AUR packages attacked by infostealer
A thread on the Arch Linux AUR general mailing list, titled "AUR REPORT THREAD," details a widespread attack on AUR packages. The initial post by Jonathan Grotelüschen, dated June 11, 2026, states that "hundreds of AUR packages" were compromised by an infostealer. The maintainer reports that they are "working hard to reset/delete all malicious commits and ban the accounts." Users are instructed to send any further discoveries of malicious packages as replies to the thread to keep reports consolidated. The source text does not specify the exact number of packages, the identity of the attackers, the method of compromise, or the specific data targeted by the infostealer. No remediation steps for users or timeline for cleanup are provided beyond the ongoing efforts described.
Hundreds of AUR packages compromised by an infostealer, requiring maintainers to reset commits and ban accounts.