#!/usr/bin/env bash
#
# Quick triage check: are any of the package names listed below installed
# on this machine? The list covers possibly impacted packages of the
# 20260611 AUR exploitation.
#
# Matching is by package name only, so a hit is a prompt to inspect that
# package, not proof that the installed build is malicious. The check is
# also only as complete as this list.
#
# Forked and updated from the original, with credit to its author:
# https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992
#
# <3 cscs <3

# One package name per entry. Names containing '+', '.' or a run of '-'
# are quoted so that they read unambiguously as single words.
declare -a INFECTED_PKGS=(
  123pan-bin
  1code
  8192eu-dkms-git
  actual-ai
  adblock2privoxy
  aion-git
  albion-online-launcher-bin
  alienfx
  alvr
  android-signapk
  android-signapk-gui
  android-support-repository
  annobin
  ansible-language-server
  antfs-cli-git
  anythingllm-appimage
  anythingllm-cli-bin
  apk-installer-gui
  apm_planner-bin
  apothem
  apple-music-desktop
  arch-update-vai
  archjh
  archlinux-themes-slim
  archmage
  archtex-git
  arm-linux-gnueabihf-binutils
  artanis-git
  astro-editor-appimage
  atomicwalet
  atomicwalllet
  autohand-cli
  autolabel
  autologin
  azurlaneautoscript
  bcachefs-kernel-dkms-git
  beebeep
  bitcoin-core-git
  blinkenlib
  blueproximity-py3-git
  booklore
  brow6el
  brow6el-git
  canon-pixma-mg3000-complete-fixed
  cartridge-cli
  ccase-bin
  ccl-git
  cgminer
  charcoal
  cinny-desktop-system-tray
  clai
  clang19
  clash-mi
  cling-git
  cmuclmtk
  cnijfilter-common
  codenomad-bin
  codeql-cli-bin
  cogpit-bin
  colorhug-client
  colorz
  compiler-rt19
  compizconfig-python
  coolreader
  cowdancer
  cutefish-calculator
  cutefish-core
  cutefish-dock
  cutefish-filemanager
  cutefish-icons
  cutefish-launcher
  cutefish-qt-plugins
  cutefish-screenlocker
  cutefish-screenshot
  cutefish-settings
  cutefish-statusbar
  cutefish-wallpapers
  cvs-feature-bin
  cynthiune.app
  dagu-bin
  datatype99
  deheader
  dep
  dh-python
  difi
  difi-bin
  doctoc
  dots-hyprland-fork-git
  dvdrip
  dyad-bin
  easy_spice
  edconv-bin
  efiboots-git
  electrum-nmc
  elmerfem
  eisl
  epson-inkjet-printer-escpr2-clos-bin
  exodas
  exodis
  exodud
  exoduss
  exodus-wallet-bin
  exoduswallet
  exodux
  exoduz
  exodys
  exouds
  farmmod-hub
  fastoggenc
  fastjet
  fatx
  fcitx5-pinyin-sougou-dict-git
  ffmpeg-bitrate-stats
  ffmpeg-quality-metrics
  findpkg-git
  firefox-extension-adnauseam-bin-amo
  firmium-desktop-git
  fishui
  fishui-git
  flashfocus
  flexiblas
  flynarwhal
  fmlib
  forgecode-bin
  formidable-bin
  frame
  ftl
  frutool
  futhark-bin
  gdl
  gdlmm
  git-annex-standalone
  gnome-contacts-git
  gnome-randr-rust
  gnutls3.8.9
  gog-the-witcher-2-assassins-of-kings
  gopher2600
  gopher2600-bin
  gosh
  gpx-viewer
  graveman
  green-tunnel-bin
  greetd-wlgreet-git
  gtkimageview
  guile-reader
  gummy
  gummy-git
  hackmatrix-git
  harmony-wad
  headphones
  hearthstone-linux-gui-appimage
  hearthstone-linux-gui-bin
  hepmc2
  hister-git
  hnswlib-git
  horst
  hydown-git
  hydrus-git
  i3bar-river
  ianny-bin
  ibm-sw-tpm2
  ihaskell-git
  imageglass
  inadyn
  indicator-session
  infnoise-openssl-git
  interface99
  ios-webkit-debug-proxy
  ipfs-desktop-bin
  ipsw
  iron-heart-git
  jasp-desktop
  jd-gui
  k3sup
  kdb
  kddockwidgets-git
  kexi
  kiss
  ktea
  kookbook
  kproperty
  kreport
  latex-digsig
  lazylpsolverlibs-git
  ledger-udev-bin
  lesstif
  lib32-egl-wayland
  libafterimage
  libbobcat
  libcutefish
  libffi-static
  libgdata
  libjxl-noglycin
  libquvi
  libquvi-scripts
  libretro-hatari-enhanced-git
  libxdiff
  libxml-ruby
  libyami
  linux-cachyos-deckify-native
  linux-cachyos-deckify-native-headers
  linux-cachyos-native
  linux-cachyos-native-headers
  linux-cachyos-native-nvidia-open
  linux-cachyos-rc-native
  linux-cachyos-rc-native-headers
  linux-cachyos-rc-native-nvidia-open
  linux-tool
  liri-cmake-shared-git
  lite
  lll
  llvm-cbe-git
  lowfi-bin
  'ls++'
  lucidvideo
  m5rcode
  magpie-wm
  mako-center-git
  manuskript
  maszyna-git
  mathsat-5
  matrixbrandy
  mcp-probe
  mcpatcher
  mermaid-ascii-git
  mermark-editor
  mesa-dlss-reflex-git
  meteo
  mimic-node-git
  mingw-w64-geos
  mingw-w64-libsndfile
  minimax-bin-hardened
  minitube
  misuzu-music-bin
  mono-addins
  monochrome
  monochrome-git
  moor-git
  mount-gtk
  mopen
  n1-translator
  naemon
  naemon-livestatus
  natapp
  nebuchadnezzar-git
  neovim-autopairs-git
  neovim-nvim-treesitter
  nerf-pi
  neuro-karaoke-wrapper-git
  new-api-privacy-filter
  new-api-privacy-filter-git
  nextcloud-app-audioplayer
  nextcloud-app-facerecognition
  nextcloud-app-gpoddersync
  nextcloud-app-integration-google
  nextcloud-app-repod
  nextcloud-app-twofactor-gateway
  nextcloud-git
  nexus-bin
  nginx-mod-vts
  nhentai-git
  nocodb
  noctyra-dotfiles-git
  noctyra-meta-git
  'notepad---bin'
  nox-bin
  nrpe
  nwchem-bin
  ob-xd
  octocode
  opencode-codebase-index-bin
  openui5
  opl-synth
  optimizevideo-git
  oracle-bin
  pacforge
  paper-desktop-bin
  paq8o
  parallel-python
  pass-cli
  pelican-git
  penguin-subtitle-player
  perl-proc-parallelloop
  perl-set-object
  perl-term-extendedcolor
  phonon-qt5-vlc
  php-geoip
  php-legacy-memcache
  php-memcache
  php-openswoole-git
  php-xdiff
  picom-ftlabs-git
  pidgin-kwallet
  pipetoys
  pipewire-visualizer-git
  plex-media-player-custom
  plex-media-player-mod
  plex-media-player-v2
  premake-git
  prisma4postgres-bin
  profile-sync-daemon-zen
  pymacs
  pypiserver
  pypy-setuptools
  python-apt
  python-affine
  python-argdispatch
  python-awkward
  python-axolotl-git
  python-calmjs
  python-celery
  python-cerealizer
  python-ci-info
  python-coolname
  python-cu2qu-git
  python-dataproperty
  python-dbapi-compliance
  python-dictobject
  python-dj-database-url
  python-django-modelcluster
  python-django-rest-knox
  python-fastmcp-slim
  python-finnhub-python
  python-firebase-admin
  python-fmu_manipulation_toolbox
  python-future
  python-g4f
  python-hist
  python-histoprint
  python-hsaudiotag3k
  python-iminuit
  python-iso3166
  python-isr-git
  python-jsmin
  python-json2xml
  python-luckydonald-utils
  python-milvus-lite-bin
  python-mmcif
  python-monotonic
  python-mplhep
  python-mplhep_data
  python-netaudio-git
  python-netaudio-lib
  python-newspaper4k
  python-nipype
  python-nodejs-wheel
  python-openai-harmony
  python-orange
  python-pdf2docx
  python-piecash
  python-pluginmgr
  python-poetry-plugin-dotenv
  python-privy-git
  'python-pushbullet.py'
  python-pychromecast-git
  python-pylsp-rope
  python-pymilvus
  python-pysocks-git
  python-rembg
  python-scikit-hep-testdata
  python-sklearn-pandas
  python-sqliteschema
  python-starlette-compress
  python-starsessions
  python-steamcontroller-git
  python-tabledata
  python-tarantool
  python-tradingeconomics
  python-uhi
  python-uproot
  python-vector
  python-xtarfile
  python2-appdirs
  python2-fusepy
  python2-lazr-uri
  python2-mutagen
  python2-notify
  python2-packaging
  python2-paver
  python2-pyparsing
  python2-simplejson
  python2-simpleparse
  python2-stomper
  python2-twodict-git
  python2-xlib
  qhttpengine
  qlementine
  qmdnsengine
  qnapi
  qobuz-player-bin
  qtum-core
  quickswitch-i3
  r-dbplyr
  reactphysics3d
  repoporge
  retibbs-client-git
  rhythmbox-git
  rimworld
  rog-helper-git
  ros2-humble-nav2-msgs
  rtspeccy-git
  ruah-orch
  ruby-excon
  ruby-kramdown-rfc2629
  ruby-selenium-webdriver
  runescape-launcher
  sakura-launcher-gui
  sandlock
  screenpipe-bin
  sdcc-bin
  seahorse-nautilus
  shhmsg
  shhopt
  slipnet
  slipnet-bin
  smenu
  smenu-git
  smolrtsp
  smolrtsp-libevent
  snry-shell-qs
  soapyptezuka
  solara-kernel-headers
  sonosano
  soundpaad-bin
  sshuttlee
  sshuttlee-bin
  stompbox-jack-git
  stripe-cli
  stylelint-config-recommended
  subbrute
  sublist3r-git
  subprocess
  subsync
  svu
  sway-xkb-switcher
  tack
  tarantool
  tesseract-gui
  thunar-nextcloud-plugin
  thunderbird-conversations
  tinyemu
  tlpui-git
  torch7-git
  touchhle
  touchosc-bin
  transcreen
  tsm
  ttf-material-design-icons-git
  tunacode-cli
  typing-game-cli
  ukui-notification-daemon
  vapoursynth-preview-git
  vbam-git
  verso-git
  vidcutter
  vim-easymotion
  vim-gitgutter
  vim-indent-object
  vim-molokai
  vim-pythonhelper
  vim-solidity
  vim-vital
  vocalinux-git
  voquill-gpu
  wallpaper-generator-next
  wayland-static
  we-layerd-git
  whatsie-git
  whisper2tr
  whisper2tr-git
  windowmaker-git
  wine-nine
  wire-desktop
  word-snatchers-cli
  workbench
  workbuddy-bin
  wrystr-git
  wsjtx-beta
  xf86-input-mtrack-git
  xorg-xfsinfo
  xplot
  xpra-html5
  xray-domain-list-community
  yarg
  yt6801-dkms
  yy
  zathura-gruvbox-git
  zerx-lab-dida-bin
  zerx-lab-zed-nightly-bin
  zing-8-bin
  zing-17-bin
  zing-21-bin
  zinnia-python
  zsdx
)

# Banner: blank line, the size of the list being checked, blank line.
printf '\n%s\n\n' "Checking for infected AUR packages (${#INFECTED_PKGS[@]} total)..."
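# found:         listed packages whose Install Date falls on Jun 9-12.
# gen_installed: every listed package that is installed, including the
#                ones that are also recorded in found.
found=()
gen_installed=()

#######################################
# Decide whether an Install Date value falls on Jun 9, 10, 11 or 12.
# Any amount of whitespace may separate the month from the day: in the
# C locale a single-digit day is space padded ("Jun  9"), which a
# literal "Jun 9" pattern does not match.
# The year is not examined, so an install on these days in any year
# counts as inside the window.
# Arguments: $1 - date text, e.g. "Tue Jun  9 10:00:00 2026"
# Returns:   0 when the day is in the window, 1 otherwise
#######################################
_in_campaign_window() {
  local -r window_re='(^|[[:space:]])Jun[[:space:]]+(9|1[0-2])([[:space:]]|$)'
  [[ $1 =~ $window_re ]]
}

# pacman -Qmq prints, one per line, the listed names that are installed
# as foreign packages; its complaints about names that are not installed
# are discarded.
while IFS= read -r pkg; do
  [[ -n "$pkg" ]] || continue
  if pacman -Q "$pkg" &>/dev/null; then
    # Package is installed: track it, then check its install date.
    gen_installed+=("$pkg")
    # Select the field by its label instead of by its position from the
    # end of the output, so a change in the field layout cannot make the
    # check read a different line. LC_ALL=C keeps label and date in English.
    # NOTE(review): pacman appears to record the date of the most recent
    # install or upgrade, so a package rebuilt after the window would not
    # be flagged here - confirm before treating a miss as a clean result.
    install_date=$(LC_ALL=C pacman -Qi "$pkg" \
      | sed -n 's/^Install Date[[:space:]]*:[[:space:]]*//p')
    if _in_campaign_window "$install_date"; then
      found+=("$pkg")
    fi
  fi
done < <(pacman -Qmq "${INFECTED_PKGS[@]}" 2>/dev/null)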
# Report the packages whose install date fell inside the checked window.
# The "Clean" line covers only that date check: listed packages installed
# on other days are reported separately, further down.
if (( ${#found[@]} > 0 )); then
  printf '%s\n' "WARNING: ${#found[@]} possibly infected package(s) found:"
  for pkg in "${found[@]}"; do
    printf ' - %s\n' "$pkg"
  done
else
  printf '%s\n' "Clean: None of the known infected packages were installed within 48 hours of the campaign."
fi
printf '\n'
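#######################################
# Print the installed listed packages that were not flagged by the date
# check, one per line.
# Globals:   gen_installed (read), found (read)
# Outputs:   names in gen_installed that do not appear in found
#######################################
_outside_window() {
  local candidate hit reported
  for candidate in "${gen_installed[@]}"; do
    reported=0
    for hit in "${found[@]}"; do
      if [[ "$hit" == "$candidate" ]]; then
        reported=1
        break
      fi
    done
    if (( reported == 0 )); then
      printf '%s\n' "$candidate"
    fi
  done
}

# gen_installed also holds the packages already reported inside the window.
# Leave those out so that this section and its count match the heading.
outside_window=()
while IFS= read -r pkg; do
  outside_window+=("$pkg")
done < <(_outside_window)

echo "=================================================================="
echo "Compromised packages found OUTSIDE compromise window: (${#outside_window[@]} total)"
# A name listed here matched the list but not the date window; it still
# deserves a look, because only the install date separates the two groups.
for pkg in "${outside_window[@]}"; do
  echo " - $pkg"
done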