TECH NEWS

Malicious apps got into the Arch User Repository - how to protect yourself

https://www.zdnet.com/a/img/resize/755c015bb1a1ddbbfb44741ff405b5ac4d52ef77/2026/01/28/83c968f9-d89d-4efc-983c-26cd5e52311e/arch-linux.jpg?auto=webp&fit=crop&height=675&width=1200

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

  • The Arch User Repository was found to contain malicious apps.
  • Twice in a week's span was this discovered.
  • Users are warned to be vigilant, but there are other, easier ways.

Researchers at software supply chain management company Sonatype found that the Arch User Repository contained about 1,500 malicious packages, the company said in a blog post updated June 12.

"We continue to encourage all users of AUR packages to review all PKGBUILD and install script changes when updating, especially during this time. If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information," The Arch team said in a brief statement.

This does not bode well for a repository that was created to dramatically increase the amount of software available to...

Copyright of this story solely belongs to zdnet.com. To see the full text click HERE

Read more