Seems like some niche packages in the AUR which were orphaned have been systematically compromised and injected malware during build. There are lists of packages out there. You can check your machines if you are affected. If you haven’t updated in the last 10 days you are probably fine but check anyways. Don’t be lazy like me and always check your PKGBUILDS.
https://www.reddit.com/r/archlinux/s/qH4pgSYvG0
From Reddit / Archlinux.org :
PSA – From [arch-announce] Active AUR malicious packages incident
Arch Linux: Recent news updates:
We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository.
We are actively working to track down existing malicious commits and attempting to prevent additional malicious commits from being pushed.
While this is happening, and while we work to create a more permanent solution, users may see issues with the following:
- Creating new accounts on the AUR
- Pushing package updates
- Adopting or creating new packages
We continue to encourage all users of AUR packages to review all PKGBUILD and install script changes when updating, especially during this time.
If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information.URL: https://archlinux.org/news/active-aur-malicious-packages-incident/
Consider subscribing to one or some of these Arch mailing lists: