home.social

#atomicarch — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #atomicarch, aggregated by home.social.

fetched live
  1. ⚠️ Arch users have certainly heard of #atomicarch : attackers hijacked orphaned AUR packages, slipping credential-stealing #malware into PKGBUILD post-install hooks. Official repos are safe - only AUR is hit. A community list of compromised packages has since grown to 1935 entries: github.com/lenucksi/aur-malwar

    If you installed or updated any AUR package since June 11 2026, cross-check the output of ‘yay -Qm’ against the list. A match means rotate all credentials and investigate 🔎

    #Arch_linux #aur

  2. ⚠️ Arch users have certainly heard of #atomicarch : attackers hijacked orphaned AUR packages, slipping credential-stealing #malware into PKGBUILD post-install hooks. Official repos are safe - only AUR is hit. A community list of compromised packages has since grown to 1935 entries: github.com/lenucksi/aur-malwar

    If you installed or updated any AUR package since June 11 2026, cross-check the output of ‘yay -Qm’ against the list. A match means rotate all credentials and investigate 🔎

    #Arch_linux #aur

  3. 🚨 Atomic Arch: AUR Malware Audit Tool

    The recent "Atomic Arch" campaign compromised over 1,500 AUR packages. If you synced using yay or paru between June 10-12, you might have pulled a Trojan targeting your SSH keys and API tokens.

    I’ve built a privacy-focused audit tool to help you check your system.

    ✅ Privacy First: All processing happens locally in your browser.
    ✅ Live Data: Fetches the threat list directly from Arch security servers.
    ✅ No Trackers: Just the tool and the data you need.

    Audit your system here:
    https://the.unknown-universe.co.uk/privacy-security/atomic-arch-audit-tool/

    Stay paranoid.

    #ArchLinux #AUR #Linux #CyberSecurity #AtomicArch #FOSS #Privacy #InfoSec
  4. 🚨 Atomic Arch: AUR Malware Audit Tool

    The recent "Atomic Arch" campaign compromised over 1,500 AUR packages. If you synced using yay or paru between June 10-12, you might have pulled a Trojan targeting your SSH keys and API tokens.

    I’ve built a privacy-focused audit tool to help you check your system.

    ✅ Privacy First: All processing happens locally in your browser.
    ✅ Live Data: Fetches the threat list directly from Arch security servers.
    ✅ No Trackers: Just the tool and the data you need.

    Audit your system here:
    https://the.unknown-universe.co.uk/privacy-security/atomic-arch-audit-tool/

    Stay paranoid.

    #ArchLinux #AUR #Linux #CyberSecurity #AtomicArch #FOSS #Privacy #InfoSec