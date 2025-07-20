news

Jul 20, 2025

updated Jul 20, 2025



Malware Discovered in Arch Linux AUR Packages

If you are an Arch user, you know – AUR (Arch User Repository) is a double-edged sword—it’s incredibly useful but requires caution. Unfortunately, that caution was warranted yet again this week when three AUR packages were found to contain malware.

The issue came to light on July 16 when a user uploaded a malicious package, librewolf-fix-bin, to the AUR. Within hours, two more packages—firefox-patch-bin and zen-browser-patched-bin—followed, all traced back to the same bad actor.

Security researchers quickly identified the threat: a Remote Access Trojan (RAT) hidden in a script pulled from a GitHub repository. For those unfamiliar, a RAT is no joke—it can grant attackers full control over an infected system, enabling them to steal data, install additional malware, or spy on users.