# aur_compromise_check.sh

> Source: <https://gist.github.com/bwhitehead0/74a8960e33e641cfa820f448a7a12d8e>
> Published: 2026-06-12 18:44:26+00:00

| #!/usr/bin/env bash | |
| # | |
| # A quick-and-easy check for possibly impacted packages | |
| # of the 20260611 AUR exploitation | |
| # | |
| # Forked+updated from, and credit to, the original: | |
| # https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992 | |
| # | |
| # <3 cscs <3 | |
| INFECTED_PKGS=( | |
| 123pan-bin | |
| 1code | |
| 8192eu-dkms-git | |
| actual-ai | |
| adblock2privoxy | |
| aion-git | |
| albion-online-launcher-bin | |
| alienfx | |
| alvr | |
| android-signapk | |
| android-signapk-gui | |
| android-support-repository | |
| annobin | |
| ansible-language-server | |
| antfs-cli-git | |
| anythingllm-appimage | |
| anythingllm-cli-bin | |
| apk-installer-gui | |
| apm_planner-bin | |
| apothem | |
| apple-music-desktop | |
| arch-update-vai | |
| archjh | |
| archlinux-themes-slim | |
| archmage | |
| archtex-git | |
| arm-linux-gnueabihf-binutils | |
| artanis-git | |
| astro-editor-appimage | |
| atomicwalet | |
| atomicwalllet | |
| autohand-cli | |
| autolabel | |
| autologin | |
| azurlaneautoscript | |
| bcachefs-kernel-dkms-git | |
| beebeep | |
| bitcoin-core-git | |
| blinkenlib | |
| blueproximity-py3-git | |
| booklore | |
| brow6el | |
| brow6el-git | |
| canon-pixma-mg3000-complete-fixed | |
| cartridge-cli | |
| ccase-bin | |
| ccl-git | |
| cgminer | |
| charcoal | |
| cinny-desktop-system-tray | |
| clai | |
| clang19 | |
| clash-mi | |
| cling-git | |
| cmuclmtk | |
| cnijfilter-common | |
| codenomad-bin | |
| codeql-cli-bin | |
| cogpit-bin | |
| colorhug-client | |
| colorz | |
| compiler-rt19 | |
| compizconfig-python | |
| coolreader | |
| cowdancer | |
| cutefish-calculator | |
| cutefish-core | |
| cutefish-dock | |
| cutefish-filemanager | |
| cutefish-icons | |
| cutefish-launcher | |
| cutefish-qt-plugins | |
| cutefish-screenlocker | |
| cutefish-screenshot | |
| cutefish-settings | |
| cutefish-statusbar | |
| cutefish-wallpapers | |
| cvs-feature-bin | |
| cynthiune.app | |
| dagu-bin | |
| datatype99 | |
| deheader | |
| dep | |
| dh-python | |
| difi | |
| difi-bin | |
| doctoc | |
| dots-hyprland-fork-git | |
| dvdrip | |
| dyad-bin | |
| easy_spice | |
| edconv-bin | |
| efiboots-git | |
| electrum-nmc | |
| elmerfem | |
| eisl | |
| epson-inkjet-printer-escpr2-clos-bin | |
| exodas | |
| exodis | |
| exodud | |
| exoduss | |
| exodus-wallet-bin | |
| exoduswallet | |
| exodux | |
| exoduz | |
| exodys | |
| exouds | |
| farmmod-hub | |
| fastoggenc | |
| fastjet | |
| fatx | |
| fcitx5-pinyin-sougou-dict-git | |
| ffmpeg-bitrate-stats | |
| ffmpeg-quality-metrics | |
| findpkg-git | |
| firefox-extension-adnauseam-bin-amo | |
| firmium-desktop-git | |
| fishui | |
| fishui-git | |
| flashfocus | |
| flexiblas | |
| flynarwhal | |
| fmlib | |
| forgecode-bin | |
| formidable-bin | |
| frame | |
| ftl | |
| frutool | |
| futhark-bin | |
| gdl | |
| gdlmm | |
| git-annex-standalone | |
| gnome-contacts-git | |
| gnome-randr-rust | |
| gnutls3.8.9 | |
| gog-the-witcher-2-assassins-of-kings | |
| gopher2600 | |
| gopher2600-bin | |
| gosh | |
| gpx-viewer | |
| graveman | |
| green-tunnel-bin | |
| greetd-wlgreet-git | |
| gtkimageview | |
| guile-reader | |
| gummy | |
| gummy-git | |
| hackmatrix-git | |
| harmony-wad | |
| headphones | |
| hearthstone-linux-gui-appimage | |
| hearthstone-linux-gui-bin | |
| hepmc2 | |
| hister-git | |
| hnswlib-git | |
| horst | |
| hydownloader-git | |
| hydrus-git | |
| i3bar-river | |
| ianny-bin | |
| ibm-sw-tpm2 | |
| ihaskell-git | |
| imageglass | |
| inadyn | |
| indicator-session | |
| infnoise-openssl-git | |
| interface99 | |
| ios-webkit-debug-proxy | |
| ipfs-desktop-bin | |
| ipsw | |
| iron-heart-git | |
| jasp-desktop | |
| jd-gui | |
| k3sup | |
| kdb | |
| kddockwidgets-git | |
| kexi | |
| kiss | |
| ktea | |
| kookbook | |
| kproperty | |
| kreport | |
| latex-digsig | |
| lazylpsolverlibs-git | |
| ledger-udev-bin | |
| lesstif | |
| lib32-egl-wayland | |
| libafterimage | |
| libbobcat | |
| libcutefish | |
| libffi-static | |
| libgdata | |
| libjxl-noglycin | |
| libquvi | |
| libquvi-scripts | |
| libretro-hatari-enhanced-git | |
| libxdiff | |
| libxml-ruby | |
| libyami | |
| linux-cachyos-deckify-native | |
| linux-cachyos-deckify-native-headers | |
| linux-cachyos-native | |
| linux-cachyos-native-headers | |
| linux-cachyos-native-nvidia-open | |
| linux-cachyos-rc-native | |
| linux-cachyos-rc-native-headers | |
| linux-cachyos-rc-native-nvidia-open | |
| linux-tool | |
| liri-cmake-shared-git | |
| lite | |
| lll | |
| llvm-cbe-git | |
| lowfi-bin | |
| "ls++" | |
| lucidvideo | |
| m5rcode | |
| magpie-wm | |
| mako-center-git | |
| manuskript | |
| maszyna-git | |
| mathsat-5 | |
| matrixbrandy | |
| mcp-probe | |
| mcpatcher | |
| mermaid-ascii-git | |
| mermark-editor | |
| mesa-dlss-reflex-git | |
| meteo | |
| mimic-node-git | |
| mingw-w64-geos | |
| mingw-w64-libsndfile | |
| minimax-bin-hardened | |
| minitube | |
| misuzu-music-bin | |
| mono-addins | |
| monochrome | |
| monochrome-git | |
| moor-git | |
| mount-gtk | |
| mopen | |
| n1-translator | |
| naemon | |
| naemon-livestatus | |
| natapp | |
| nebuchadnezzar-git | |
| neovim-autopairs-git | |
| neovim-nvim-treesitter | |
| nerf-pi | |
| neuro-karaoke-wrapper-git | |
| new-api-privacy-filter | |
| new-api-privacy-filter-git | |
| nextcloud-app-audioplayer | |
| nextcloud-app-facerecognition | |
| nextcloud-app-gpoddersync | |
| nextcloud-app-integration-google | |
| nextcloud-app-repod | |
| nextcloud-app-twofactor-gateway | |
| nextcloud-git | |
| nexus-bin | |
| nginx-mod-vts | |
| nhentai-git | |
| nocodb | |
| noctyra-dotfiles-git | |
| noctyra-meta-git | |
| "notepad---bin" | |
| nox-bin | |
| nrpe | |
| nwchem-bin | |
| ob-xd | |
| octocode | |
| opencode-codebase-index-bin | |
| openui5 | |
| opl-synth | |
| optimizevideo-git | |
| oracle-bin | |
| pacforge | |
| paper-desktop-bin | |
| paq8o | |
| parallel-python | |
| pass-cli | |
| pelican-git | |
| penguin-subtitle-player | |
| perl-proc-parallelloop | |
| perl-set-object | |
| perl-term-extendedcolor | |
| phonon-qt5-vlc | |
| php-geoip | |
| php-legacy-memcache | |
| php-memcache | |
| php-openswoole-git | |
| php-xdiff | |
| picom-ftlabs-git | |
| pidgin-kwallet | |
| pipetoys | |
| pipewire-visualizer-git | |
| plex-media-player-custom | |
| plex-media-player-mod | |
| plex-media-player-v2 | |
| premake-git | |
| prisma4postgres-bin | |
| profile-sync-daemon-zen | |
| pymacs | |
| pypiserver | |
| pypy-setuptools | |
| python-apt | |
| python-affine | |
| python-argdispatch | |
| python-awkward | |
| python-axolotl-git | |
| python-calmjs | |
| python-celery | |
| python-cerealizer | |
| python-ci-info | |
| python-coolname | |
| python-cu2qu-git | |
| python-dataproperty | |
| python-dbapi-compliance | |
| python-dictobject | |
| python-dj-database-url | |
| python-django-modelcluster | |
| python-django-rest-knox | |
| python-fastmcp-slim | |
| python-finnhub-python | |
| python-firebase-admin | |
| python-fmu_manipulation_toolbox | |
| python-future | |
| python-g4f | |
| python-hist | |
| python-histoprint | |
| python-hsaudiotag3k | |
| python-iminuit | |
| python-iso3166 | |
| python-isr-git | |
| python-jsmin | |
| python-json2xml | |
| python-luckydonald-utils | |
| python-milvus-lite-bin | |
| python-mmcif | |
| python-monotonic | |
| python-mplhep | |
| python-mplhep_data | |
| python-netaudio-git | |
| python-netaudio-lib | |
| python-newspaper4k | |
| python-nipype | |
| python-nodejs-wheel | |
| python-openai-harmony | |
| python-orange | |
| python-pdf2docx | |
| python-piecash | |
| python-pluginmgr | |
| python-poetry-plugin-dotenv | |
| python-privy-git | |
| "python-pushbullet.py" | |
| python-pychromecast-git | |
| python-pylsp-rope | |
| python-pymilvus | |
| python-pysocks-git | |
| python-rembg | |
| python-scikit-hep-testdata | |
| python-sklearn-pandas | |
| python-sqliteschema | |
| python-starlette-compress | |
| python-starsessions | |
| python-steamcontroller-git | |
| python-tabledata | |
| python-tarantool | |
| python-tradingeconomics | |
| python-uhi | |
| python-uproot | |
| python-vector | |
| python-xtarfile | |
| python2-appdirs | |
| python2-fusepy | |
| python2-lazr-uri | |
| python2-mutagen | |
| python2-notify | |
| python2-packaging | |
| python2-paver | |
| python2-pyparsing | |
| python2-simplejson | |
| python2-simpleparse | |
| python2-stomper | |
| python2-twodict-git | |
| python2-xlib | |
| qhttpengine | |
| qlementine | |
| qmdnsengine | |
| qnapi | |
| qobuz-player-bin | |
| qtum-core | |
| quickswitch-i3 | |
| r-dbplyr | |
| reactphysics3d | |
| repoporge | |
| retibbs-client-git | |
| rhythmbox-git | |
| rimworld | |
| rog-helper-git | |
| ros2-humble-nav2-msgs | |
| rtspeccy-git | |
| ruah-orch | |
| ruby-excon | |
| ruby-kramdown-rfc2629 | |
| ruby-selenium-webdriver | |
| runescape-launcher | |
| sakura-launcher-gui | |
| sandlock | |
| screenpipe-bin | |
| sdcc-bin | |
| seahorse-nautilus | |
| shhmsg | |
| shhopt | |
| slipnet | |
| slipnet-bin | |
| smenu | |
| smenu-git | |
| smolrtsp | |
| smolrtsp-libevent | |
| snry-shell-qs | |
| soapyptezuka | |
| solara-kernel-headers | |
| sonosano | |
| soundpaad-bin | |
| sshuttlee | |
| sshuttlee-bin | |
| stompbox-jack-git | |
| stripe-cli | |
| stylelint-config-recommended | |
| subbrute | |
| sublist3r-git | |
| subprocess | |
| subsync | |
| svu | |
| sway-xkb-switcher | |
| tack | |
| tarantool | |
| tesseract-gui | |
| thunar-nextcloud-plugin | |
| thunderbird-conversations | |
| tinyemu | |
| tlpui-git | |
| torch7-git | |
| touchhle | |
| touchosc-bin | |
| transcreen | |
| tsm | |
| ttf-material-design-icons-git | |
| tunacode-cli | |
| typing-game-cli | |
| ukui-notification-daemon | |
| vapoursynth-preview-git | |
| vbam-git | |
| verso-git | |
| vidcutter | |
| vim-easymotion | |
| vim-gitgutter | |
| vim-indent-object | |
| vim-molokai | |
| vim-pythonhelper | |
| vim-solidity | |
| vim-vital | |
| vocalinux-git | |
| voquill-gpu | |
| wallpaper-generator-next | |
| wayland-static | |
| we-layerd-git | |
| whatsie-git | |
| whisper2tr | |
| whisper2tr-git | |
| windowmaker-git | |
| wine-nine | |
| wire-desktop | |
| word-snatchers-cli | |
| workbench | |
| workbuddy-bin | |
| wrystr-git | |
| wsjtx-beta | |
| xf86-input-mtrack-git | |
| xorg-xfsinfo | |
| xplot | |
| xpra-html5 | |
| xray-domain-list-community | |
| yarg | |
| yt6801-dkms | |
| yy | |
| zathura-gruvbox-git | |
| zerx-lab-dida-bin | |
| zerx-lab-zed-nightly-bin | |
| zing-8-bin | |
| zing-17-bin | |
| zing-21-bin | |
| zinnia-python | |
| zsdx | |
| ) | |
| echo | |
| echo "Checking for infected AUR packages (${#INFECTED_PKGS[@]} total)..." | |
| echo | |
| found=() | |
| gen_installed=() | |
| while read -r pkg; do | |
| if pacman -Q $pkg &>/dev/null; then | |
| # package is installed, track and check install date | |
| gen_installed+=("$pkg") | |
| if LC_ALL=C pacman -Qi $pkg | tail -5 | head -1 | grep -qE 'Jun 9|Jun 10|Jun 11|Jun 12'; then | |
| found+=("$pkg") | |
| fi | |
| fi | |
| done < <(pacman -Qmq "${INFECTED_PKGS[@]}" 2>/dev/null) | |
| if [[ ${#found[@]} -eq 0 ]]; then | |
| echo "Clean: None of the known infected packages were installed within 48 hours of the campaign." | |
| else | |
| echo "WARNING: ${#found[@]} possibly infected package(s) found:" | |
| for pkg in "${found[@]}"; do | |
| echo " - $pkg" | |
| done | |
| fi | |
| echo | |
| echo "==================================================================" | |
| echo "Compromised packages found OUTSIDE compromise window: (${#gen_installed[@]} total)" | |
| for pkg in "${gen_installed[@]}"; do | |
| echo " - $pkg" | |
| done |