400+ AUR Packages Compromised with Infostealer and Rootkit

超过 400 个 AUR 软件包遭入侵，包含信息窃取程序与 Rootkit

Last Updated: 2026-06-12 19:14:16 UTC 最后更新： 2026 年 6 月 12 日 19:14:16 UTC

What’s Happening

事件概况

It appears a new AUR package maintainer impersonating a trusted maintainer adopted and infected 408+ packages. The compromise was reported and other AUR maintainers have been working to remove the infected packages. 据了解，一名冒充受信任维护者的新 AUR 软件包维护者接管并感染了 408 个以上的软件包。该入侵事件已被上报，其他 AUR 维护者目前正致力于移除这些受感染的软件包。

As of 2026-06-12 17:30:00 UTC, the AUR maintainers believe they have removed all malicious commits. 截至 2026 年 6 月 12 日 17:30:00 UTC，AUR 维护者认为他们已经移除了所有恶意提交。

They have also decided to implement some controls and limitations on functionality, including adopting packages. 他们还决定对部分功能实施管控与限制，包括软件包的接管流程。

The attack included at least two separate malicious dependencies. 此次攻击至少涉及两个独立的恶意依赖项。