this post was submitted on 13 Jun 2026
100 points (99.0% liked)

Technology

85355 readers
4188 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
100
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages (www.phoronix.com)
submitted 5 hours ago by rafssunny@lemmy.zip to c/technology@lemmy.world
26 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Peter_Arbeitslos@feddit.org 16 points 4 hours ago (2 children)

We're currently at 1621.

https://md.archlinux.org/s/SxbqukK6IA

[–] brokenwing@discuss.tchncs.de 2 points 2 hours ago (2 children)

What to do if I found a package I installed to be in that list? libgdata to be specific?

[–] Peter_Arbeitslos@feddit.org 1 points 22 minutes ago* (last edited 13 minutes ago)

Have a check if you updated it recently (PKGBUILD history, about June 10-12). If not you're fine.

If:

  • Rotate all credentials — browser passwords, SSH keys, API tokens, and cloud access keys
  • Scan for suspicious processes masquerading as kernel threads using tools like rkhunter or chkrootkit (E: It's supposed to be an eBPF rootkit)

(reference)

Personally I would reset everything if I got anything, to kill both any infection and my paranoia. Then reset credentials.

[–] ilmagico@lemmy.world 1 points 1 hour ago

Was it installed from the aur? If not, you're fine

[–] A_norny_mousse@piefed.zip 3 points 3 hours ago (3 children)

I'm still missing any sort of in-depth info about all this.

[–] ExLisper@lemmy.curiana.net 1 points 2 hours ago (1 children)

They got hacked.

Use Debian. /s

[–] A_norny_mousse@piefed.zip 2 points 2 hours ago (1 children)

I meant something I can read.

They got hacked.

I don't think so.

[–] caseyweederman@lemmy.ca 0 points 56 minutes ago

I mean
Like...
Yes?
Yes, that's what happened. That is the correct word for it.
Attackers exploited vulnerabilities in a system in order to run code on other people's machines

[–] Peter_Arbeitslos@feddit.org 0 points 2 hours ago

Wouldn't even suprise me if they just did it fo the lulz.

[–] Peter_Arbeitslos@feddit.org 0 points 3 hours ago* (last edited 2 hours ago)

same