Those packages are likely compromised (all from a malicious user 
charlottedurand <https://aur.archlinux.org/account/charlottedurand>):

python-poetry-plugin-dotenv
iceweasel
firefox-esr-globalmenu
python-pylsp-rope
cardano-node-bin
git-open
nitrogen-git
nem-wallet
minify-js-bin
minichrome
mingw-w64-laz-perf
mdbook-compress
masari
linux-cachyos-deckify-native
linux-cachyos-deckify-native-headers
librewolf-extension-protonpass-bin
librewolf-extension-duckduckgo-privacy-essentials
kristforge-bin
kmorph
just-js-completion
js-design-appimage
js-design-agent-bin
jade-application-kit
gutenpy
gobyte-qt
gminer-bin
fontfinder
firefox-librejs
firefox-floccus
firefox-esr-ublock-origin
firefox-esr-noscript
firefox-babble
fifth-git
felinks-python
ethlint-git
esteem-bin
emerald-wallet-bin
elixirscript
elements-project-bin
elements-project
edfbrowser-git
deno-git
cxo
curecoind-git
ctjs-bin
create-next-app
concordium-node-bin
concordium-desktop-wallet-testnet-bin
concordium-desktop-wallet-bin
concordium-desktop-wallet-appimage
code-notes-bin
cl-javascript
certbox-bin
catalyst5-browser
carto-sql-api
cardano-wallet
cardano-addresses
camunda-modeler-plugin-bpmn-js-token-simulation
caja-deja-dup-bzr
btdex-git
browserpass-git
browserpass-cachy-browser
bonsai-browser 

On Sat, Jun 13, 2026, at 21:36, Joshua Arnott wrote:
> On Sat, 13 Jun 2026, at 8:31 PM, Edmund Lodewijks wrote:
>> Hallo!
>> 
>> Reporting AUR package: caja-deja-dup-bzr
>> 
>> Just found this one, a former package of mine that I apparently still 
>> receive updates for:
>> 
>> caja-deja-dup-bzr 
>> <https://aur.archlinux.org/cgit/aur.git/log/?h=caja-deja-dup-bzr>
>> 
>> Perhaps a script that checks all uploads via SSH / changes on disk, and 
>> flags any addition of 'bun' etc?
>> 
>> Kind regards,
>> Edmund
>> 
>> 
>> -- 
>> Edmund Lodewijks <[email protected]>
>> TZ: UCT+2 / GMT+2
>> 
> 
> The malicious code in this is lightly obfuscated using string concatenation 
> in the post install hook to avoid basic pattern matching using grep, etc. Is 
> that new?

Benoît Zugmeyer

Reply via email to