• Tetsuo@jlai.lu
    link
    fedilink
    English
    arrow-up
    0
    ·
    26 days ago

    I hope all the Arch based distros will do a proper post to inform their users on how to cleanup afterwards.

    I’m hoping at least cachyos, the distro I use, will tell me exactly how to check and clean my system.

    I remember that when I installed a few of my AUR package, I was well aware that this repo was pretty much unregulated and that I just have to trust it’s safe. So I made sure to only use AUR as a last resort. But there was warnings on cachyos that were displayed to tell me to be cautious about it so that’s at least a positive.

    • yesman@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      26 days ago

      The article has instructions to do exactly that.

      Users who regularly install AUR packages should take the following steps immediately:

      Run pacman -Qm to list all foreign (AUR) packages installed on your system and cross-reference against the published list of compromised packages

      Audit recent PKGBUILD history for any packages installed between June 10–12, 2026

      Rotate all credentials — browser passwords, SSH keys, API tokens, and cloud access keys — if any flagged package was installed

      Scan for suspicious processes masquerading as kernel threads using tools like rkhunter or chkrootkit

      Consider using AUR helpers with PKGBUILD review prompts enabled by default.

      The Checklist of infected packages