• yesman@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    26 days ago

    The article has instructions to do exactly that.

    Users who regularly install AUR packages should take the following steps immediately:

    Run pacman -Qm to list all foreign (AUR) packages installed on your system and cross-reference against the published list of compromised packages

    Audit recent PKGBUILD history for any packages installed between June 10–12, 2026

    Rotate all credentials — browser passwords, SSH keys, API tokens, and cloud access keys — if any flagged package was installed

    Scan for suspicious processes masquerading as kernel threads using tools like rkhunter or chkrootkit

    Consider using AUR helpers with PKGBUILD review prompts enabled by default.

    The Checklist of infected packages