Hi Quentin,

Can you send us the packages description so we can identify other attempts in the future?

Thanks
Shay

Date: Fri, 18 Jul 2025 18:53:19 +0200
> From: Quentin MICHAUD <[email protected]>
> Subject: [SECURITY] firefox-patch-bin, librewolf-fix-bin and
> zen-browser-patched-bin AUR packages contain malware
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On the 16th of July, at around 8pm UTC+2, a malicious AUR package was
> uploaded to the AUR. Two other malicious packages were uploaded by the
> same user a few hours later. These packages were installing a script
> coming from the same GitHub repository that was identified as a Remote
> Access Trojan (RAT).
>
> The affected malicious packages are:
>
> - librewolf-fix-bin
> - firefox-patch-bin
> - zen-browser-patched-bin
>
> The Arch Linux team addressed the issue as soon as they became aware of
> the situation. As of today, 18th of July, at around 6pm UTC+2, the
> offending packages have been deleted from the AUR.
>
> We strongly encourage users that may have installed one of these
> packages to remove them from their system and to take the necessary
> measures in order to ensure they were not compromised.
>
