Over 400 Arch Linux AUR Packages Compromised with Malware

More than 400 packages in the Arch User Repository (AUR) have been compromised with malware, affecting users who install these packages. The attack vector involved malicious modifications to the package build scripts, allowing the injection of malware into the packages. This incident has raised significant concerns within the Arch Linux community, as it poses a risk to users who rely on AUR for software installation. The Arch Linux team is currently investigating the breach and has urged users to avoid installing packages from AUR until further notice. The scope of the impact is extensive, given the popularity of AUR among Arch Linux users. No specific CVEs have been reported in relation to this incident yet. The situation is ongoing, with updates expected as investigations proceed.

Key Points: • Over 400 packages in Arch Linux's AUR have been compromised with malware. • Malicious modifications to package build scripts were the attack vector. • Users are advised to refrain from installing AUR packages until further notice.