{"slug": "aur-compromise-check-sh", "title": "aur_compromise_check.sh", "summary": "A developer released a shell script to check for packages possibly compromised in the June 2026 AUR exploitation. The script lists hundreds of potentially infected package names, including popular ones like exodus-wallet-bin and bitcoin-core-git. Users are advised to run the check and take appropriate action.", "body_md": "| #!/usr/bin/env bash | |\n| # | |\n| # A quick-and-easy check for possibly impacted packages | |\n| # of the 20260611 AUR exploitation | |\n| # | |\n| # Forked+updated from, and credit to, the original: | |\n| # https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992 | |\n| # | |\n| # <3 cscs <3 | |\n| INFECTED_PKGS=( | |\n| 123pan-bin | |\n| 1code | |\n| 8192eu-dkms-git | |\n| actual-ai | |\n| adblock2privoxy | |\n| aion-git | |\n| albion-online-launcher-bin | |\n| alienfx | |\n| alvr | |\n| android-signapk | |\n| android-signapk-gui | |\n| android-support-repository | |\n| annobin | |\n| ansible-language-server | |\n| antfs-cli-git | |\n| anythingllm-appimage | |\n| anythingllm-cli-bin | |\n| apk-installer-gui | |\n| apm_planner-bin | |\n| apothem | |\n| apple-music-desktop | |\n| arch-update-vai | |\n| archjh | |\n| archlinux-themes-slim | |\n| archmage | |\n| archtex-git | |\n| arm-linux-gnueabihf-binutils | |\n| artanis-git | |\n| astro-editor-appimage | |\n| atomicwalet | |\n| atomicwalllet | |\n| autohand-cli | |\n| autolabel | |\n| autologin | |\n| azurlaneautoscript | |\n| bcachefs-kernel-dkms-git | |\n| beebeep | |\n| bitcoin-core-git | |\n| blinkenlib | |\n| blueproximity-py3-git | |\n| booklore | |\n| brow6el | |\n| brow6el-git | |\n| canon-pixma-mg3000-complete-fixed | |\n| cartridge-cli | |\n| ccase-bin | |\n| ccl-git | |\n| cgminer | |\n| charcoal | |\n| cinny-desktop-system-tray | |\n| clai | |\n| clang19 | |\n| clash-mi | |\n| cling-git | |\n| cmuclmtk | |\n| cnijfilter-common | |\n| codenomad-bin | |\n| codeql-cli-bin | |\n| cogpit-bin | 
|\n| colorhug-client | |\n| colorz | |\n| compiler-rt19 | |\n| compizconfig-python | |\n| coolreader | |\n| cowdancer | |\n| cutefish-calculator | |\n| cutefish-core | |\n| cutefish-dock | |\n| cutefish-filemanager | |\n| cutefish-icons | |\n| cutefish-launcher | |\n| cutefish-qt-plugins | |\n| cutefish-screenlocker | |\n| cutefish-screenshot | |\n| cutefish-settings | |\n| cutefish-statusbar | |\n| cutefish-wallpapers | |\n| cvs-feature-bin | |\n| cynthiune.app | |\n| dagu-bin | |\n| datatype99 | |\n| deheader | |\n| dep | |\n| dh-python | |\n| difi | |\n| difi-bin | |\n| doctoc | |\n| dots-hyprland-fork-git | |\n| dvdrip | |\n| dyad-bin | |\n| easy_spice | |\n| edconv-bin | |\n| efiboots-git | |\n| electrum-nmc | |\n| elmerfem | |\n| eisl | |\n| epson-inkjet-printer-escpr2-clos-bin | |\n| exodas | |\n| exodis | |\n| exodud | |\n| exoduss | |\n| exodus-wallet-bin | |\n| exoduswallet | |\n| exodux | |\n| exoduz | |\n| exodys | |\n| exouds | |\n| farmmod-hub | |\n| fastoggenc | |\n| fastjet | |\n| fatx | |\n| fcitx5-pinyin-sougou-dict-git | |\n| ffmpeg-bitrate-stats | |\n| ffmpeg-quality-metrics | |\n| findpkg-git | |\n| firefox-extension-adnauseam-bin-amo | |\n| firmium-desktop-git | |\n| fishui | |\n| fishui-git | |\n| flashfocus | |\n| flexiblas | |\n| flynarwhal | |\n| fmlib | |\n| forgecode-bin | |\n| formidable-bin | |\n| frame | |\n| ftl | |\n| frutool | |\n| futhark-bin | |\n| gdl | |\n| gdlmm | |\n| git-annex-standalone | |\n| gnome-contacts-git | |\n| gnome-randr-rust | |\n| gnutls3.8.9 | |\n| gog-the-witcher-2-assassins-of-kings | |\n| gopher2600 | |\n| gopher2600-bin | |\n| gosh | |\n| gpx-viewer | |\n| graveman | |\n| green-tunnel-bin | |\n| greetd-wlgreet-git | |\n| gtkimageview | |\n| guile-reader | |\n| gummy | |\n| gummy-git | |\n| hackmatrix-git | |\n| harmony-wad | |\n| headphones | |\n| hearthstone-linux-gui-appimage | |\n| hearthstone-linux-gui-bin | |\n| hepmc2 | |\n| hister-git | |\n| hnswlib-git | |\n| horst | |\n| hydownloader-git | |\n| 
hydrus-git | |\n| i3bar-river | |\n| ianny-bin | |\n| ibm-sw-tpm2 | |\n| ihaskell-git | |\n| imageglass | |\n| inadyn | |\n| indicator-session | |\n| infnoise-openssl-git | |\n| interface99 | |\n| ios-webkit-debug-proxy | |\n| ipfs-desktop-bin | |\n| ipsw | |\n| iron-heart-git | |\n| jasp-desktop | |\n| jd-gui | |\n| k3sup | |\n| kdb | |\n| kddockwidgets-git | |\n| kexi | |\n| kiss | |\n| ktea | |\n| kookbook | |\n| kproperty | |\n| kreport | |\n| latex-digsig | |\n| lazylpsolverlibs-git | |\n| ledger-udev-bin | |\n| lesstif | |\n| lib32-egl-wayland | |\n| libafterimage | |\n| libbobcat | |\n| libcutefish | |\n| libffi-static | |\n| libgdata | |\n| libjxl-noglycin | |\n| libquvi | |\n| libquvi-scripts | |\n| libretro-hatari-enhanced-git | |\n| libxdiff | |\n| libxml-ruby | |\n| libyami | |\n| linux-cachyos-deckify-native | |\n| linux-cachyos-deckify-native-headers | |\n| linux-cachyos-native | |\n| linux-cachyos-native-headers | |\n| linux-cachyos-native-nvidia-open | |\n| linux-cachyos-rc-native | |\n| linux-cachyos-rc-native-headers | |\n| linux-cachyos-rc-native-nvidia-open | |\n| linux-tool | |\n| liri-cmake-shared-git | |\n| lite | |\n| lll | |\n| llvm-cbe-git | |\n| lowfi-bin | |\n| \"ls++\" | |\n| lucidvideo | |\n| m5rcode | |\n| magpie-wm | |\n| mako-center-git | |\n| manuskript | |\n| maszyna-git | |\n| mathsat-5 | |\n| matrixbrandy | |\n| mcp-probe | |\n| mcpatcher | |\n| mermaid-ascii-git | |\n| mermark-editor | |\n| mesa-dlss-reflex-git | |\n| meteo | |\n| mimic-node-git | |\n| mingw-w64-geos | |\n| mingw-w64-libsndfile | |\n| minimax-bin-hardened | |\n| minitube | |\n| misuzu-music-bin | |\n| mono-addins | |\n| monochrome | |\n| monochrome-git | |\n| moor-git | |\n| mount-gtk | |\n| mopen | |\n| n1-translator | |\n| naemon | |\n| naemon-livestatus | |\n| natapp | |\n| nebuchadnezzar-git | |\n| neovim-autopairs-git | |\n| neovim-nvim-treesitter | |\n| nerf-pi | |\n| neuro-karaoke-wrapper-git | |\n| new-api-privacy-filter | |\n| 
new-api-privacy-filter-git | |\n| nextcloud-app-audioplayer | |\n| nextcloud-app-facerecognition | |\n| nextcloud-app-gpoddersync | |\n| nextcloud-app-integration-google | |\n| nextcloud-app-repod | |\n| nextcloud-app-twofactor-gateway | |\n| nextcloud-git | |\n| nexus-bin | |\n| nginx-mod-vts | |\n| nhentai-git | |\n| nocodb | |\n| noctyra-dotfiles-git | |\n| noctyra-meta-git | |\n| \"notepad---bin\" | |\n| nox-bin | |\n| nrpe | |\n| nwchem-bin | |\n| ob-xd | |\n| octocode | |\n| opencode-codebase-index-bin | |\n| openui5 | |\n| opl-synth | |\n| optimizevideo-git | |\n| oracle-bin | |\n| pacforge | |\n| paper-desktop-bin | |\n| paq8o | |\n| parallel-python | |\n| pass-cli | |\n| pelican-git | |\n| penguin-subtitle-player | |\n| perl-proc-parallelloop | |\n| perl-set-object | |\n| perl-term-extendedcolor | |\n| phonon-qt5-vlc | |\n| php-geoip | |\n| php-legacy-memcache | |\n| php-memcache | |\n| php-openswoole-git | |\n| php-xdiff | |\n| picom-ftlabs-git | |\n| pidgin-kwallet | |\n| pipetoys | |\n| pipewire-visualizer-git | |\n| plex-media-player-custom | |\n| plex-media-player-mod | |\n| plex-media-player-v2 | |\n| premake-git | |\n| prisma4postgres-bin | |\n| profile-sync-daemon-zen | |\n| pymacs | |\n| pypiserver | |\n| pypy-setuptools | |\n| python-apt | |\n| python-affine | |\n| python-argdispatch | |\n| python-awkward | |\n| python-axolotl-git | |\n| python-calmjs | |\n| python-celery | |\n| python-cerealizer | |\n| python-ci-info | |\n| python-coolname | |\n| python-cu2qu-git | |\n| python-dataproperty | |\n| python-dbapi-compliance | |\n| python-dictobject | |\n| python-dj-database-url | |\n| python-django-modelcluster | |\n| python-django-rest-knox | |\n| python-fastmcp-slim | |\n| python-finnhub-python | |\n| python-firebase-admin | |\n| python-fmu_manipulation_toolbox | |\n| python-future | |\n| python-g4f | |\n| python-hist | |\n| python-histoprint | |\n| python-hsaudiotag3k | |\n| python-iminuit | |\n| python-iso3166 | |\n| python-isr-git | |\n| 
python-jsmin | |\n| python-json2xml | |\n| python-luckydonald-utils | |\n| python-milvus-lite-bin | |\n| python-mmcif | |\n| python-monotonic | |\n| python-mplhep | |\n| python-mplhep_data | |\n| python-netaudio-git | |\n| python-netaudio-lib | |\n| python-newspaper4k | |\n| python-nipype | |\n| python-nodejs-wheel | |\n| python-openai-harmony | |\n| python-orange | |\n| python-pdf2docx | |\n| python-piecash | |\n| python-pluginmgr | |\n| python-poetry-plugin-dotenv | |\n| python-privy-git | |\n| \"python-pushbullet.py\" | |\n| python-pychromecast-git | |\n| python-pylsp-rope | |\n| python-pymilvus | |\n| python-pysocks-git | |\n| python-rembg | |\n| python-scikit-hep-testdata | |\n| python-sklearn-pandas | |\n| python-sqliteschema | |\n| python-starlette-compress | |\n| python-starsessions | |\n| python-steamcontroller-git | |\n| python-tabledata | |\n| python-tarantool | |\n| python-tradingeconomics | |\n| python-uhi | |\n| python-uproot | |\n| python-vector | |\n| python-xtarfile | |\n| python2-appdirs | |\n| python2-fusepy | |\n| python2-lazr-uri | |\n| python2-mutagen | |\n| python2-notify | |\n| python2-packaging | |\n| python2-paver | |\n| python2-pyparsing | |\n| python2-simplejson | |\n| python2-simpleparse | |\n| python2-stomper | |\n| python2-twodict-git | |\n| python2-xlib | |\n| qhttpengine | |\n| qlementine | |\n| qmdnsengine | |\n| qnapi | |\n| qobuz-player-bin | |\n| qtum-core | |\n| quickswitch-i3 | |\n| r-dbplyr | |\n| reactphysics3d | |\n| repoporge | |\n| retibbs-client-git | |\n| rhythmbox-git | |\n| rimworld | |\n| rog-helper-git | |\n| ros2-humble-nav2-msgs | |\n| rtspeccy-git | |\n| ruah-orch | |\n| ruby-excon | |\n| ruby-kramdown-rfc2629 | |\n| ruby-selenium-webdriver | |\n| runescape-launcher | |\n| sakura-launcher-gui | |\n| sandlock | |\n| screenpipe-bin | |\n| sdcc-bin | |\n| seahorse-nautilus | |\n| shhmsg | |\n| shhopt | |\n| slipnet | |\n| slipnet-bin | |\n| smenu | |\n| smenu-git | |\n| smolrtsp | |\n| smolrtsp-libevent | |\n| 
snry-shell-qs | |\n| soapyptezuka | |\n| solara-kernel-headers | |\n| sonosano | |\n| soundpaad-bin | |\n| sshuttlee | |\n| sshuttlee-bin | |\n| stompbox-jack-git | |\n| stripe-cli | |\n| stylelint-config-recommended | |\n| subbrute | |\n| sublist3r-git | |\n| subprocess | |\n| subsync | |\n| svu | |\n| sway-xkb-switcher | |\n| tack | |\n| tarantool | |\n| tesseract-gui | |\n| thunar-nextcloud-plugin | |\n| thunderbird-conversations | |\n| tinyemu | |\n| tlpui-git | |\n| torch7-git | |\n| touchhle | |\n| touchosc-bin | |\n| transcreen | |\n| tsm | |\n| ttf-material-design-icons-git | |\n| tunacode-cli | |\n| typing-game-cli | |\n| ukui-notification-daemon | |\n| vapoursynth-preview-git | |\n| vbam-git | |\n| verso-git | |\n| vidcutter | |\n| vim-easymotion | |\n| vim-gitgutter | |\n| vim-indent-object | |\n| vim-molokai | |\n| vim-pythonhelper | |\n| vim-solidity | |\n| vim-vital | |\n| vocalinux-git | |\n| voquill-gpu | |\n| wallpaper-generator-next | |\n| wayland-static | |\n| we-layerd-git | |\n| whatsie-git | |\n| whisper2tr | |\n| whisper2tr-git | |\n| windowmaker-git | |\n| wine-nine | |\n| wire-desktop | |\n| word-snatchers-cli | |\n| workbench | |\n| workbuddy-bin | |\n| wrystr-git | |\n| wsjtx-beta | |\n| xf86-input-mtrack-git | |\n| xorg-xfsinfo | |\n| xplot | |\n| xpra-html5 | |\n| xray-domain-list-community | |\n| yarg | |\n| yt6801-dkms | |\n| yy | |\n| zathura-gruvbox-git | |\n| zerx-lab-dida-bin | |\n| zerx-lab-zed-nightly-bin | |\n| zing-8-bin | |\n| zing-17-bin | |\n| zing-21-bin | |\n| zinnia-python | |\n| zsdx | |\n| ) | |\n| echo | |\n| echo \"Checking for infected AUR packages (${#INFECTED_PKGS[@]} total)...\" | |\n| echo | |\n| found=() | |\n| gen_installed=() | |\n| while read -r pkg; do | |\n| if pacman -Q \"$pkg\" &>/dev/null; then | |\n| # package is installed, track and check install date | |\n| gen_installed+=(\"$pkg\") | |\n| # LC_ALL=C prints the date as e.g. 'Tue Jun  9 12:00:00 2026': single-digit days are space-padded | |\n| if LC_ALL=C pacman -Qi \"$pkg\" | grep '^Install Date' | grep -qE 'Jun +(9|10|11|12) .* 2026'; then | |\n| 
found+=(\"$pkg\") | |\n| fi | |\n| fi | |\n| done < <(pacman -Qmq \"${INFECTED_PKGS[@]}\" 2>/dev/null) | |\n| if [[ ${#found[@]} -eq 0 ]]; then | |\n| echo \"Clean: None of the known infected packages were installed within 48 hours of the campaign.\" | |\n| else | |\n| echo \"WARNING: ${#found[@]} possibly infected package(s) found:\" | |\n| for pkg in \"${found[@]}\"; do | |\n| echo \" - $pkg\" | |\n| done | |\n| fi | |\n| echo | |\n| echo \"==================================================================\" | |\n| # gen_installed holds every listed package that is installed, including any flagged above | |\n| echo \"Listed packages installed, regardless of install date: (${#gen_installed[@]} total)\" | |\n| for pkg in \"${gen_installed[@]}\"; do | |\n| echo \" - $pkg\" | |\n| done |", "url": "https://wpnews.pro/news/aur-compromise-check-sh", "canonical_source": "https://gist.github.com/bwhitehead0/74a8960e33e641cfa820f448a7a12d8e", "published_at": "2026-06-12 18:44:26+00:00", "updated_at": "2026-06-13 14:15:42.554898+00:00", "lang": "en", "topics": ["developer-tools"], "entities": ["AUR", "Arch Linux"], "alternates": {"html": "https://wpnews.pro/news/aur-compromise-check-sh", "markdown": "https://wpnews.pro/news/aur-compromise-check-sh.md", "text": "https://wpnews.pro/news/aur-compromise-check-sh.txt", "jsonld": "https://wpnews.pro/news/aur-compromise-check-sh.jsonld"}}