Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages

Source: https://www.phoronix.com/news/Arch-Linux-AUR-More-Than-1500

The day started out withArch Linux’s AUR user-contributed repository seeing more than 400 packages compromisedwith malware. Now in ending out the day they believe all affected commits have been addressed. But it ended up being more than 1,500 affected packages.

It was bad enough when finding out more than 400 AUR packages for Arch Linux users had been infected with malware but now that number has risen to around 900 a few hours ago and now in the end at more than 1,500 user-contributed packages.

In anupdatea few hours ago, it was believed around 900 packages were infected by malware in this week’s incident.

Then as of writing now, the last message in the thread over this security incident isnotingthat Arch Linux developers have deleted all the malicious commits they are aware of. Cited wasthis listthat puts the number of malware-affected packages at 1,579! Tons of software in this user-maintained Arch Linux user repository were impacted by this nasty security incident.

Even at 1,579 packages listed, that final updated noted, it’s a “list containing many (but not all) of the affected packages”. Ouch.