Malware in Arch Linux AURs now inserting Russian spam into shell configs

Summary

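Developers found that the PKGBUILDs of a large number of packages in the AUR repository (including llama.cpp-related components, alist-desktop-bin, and others) had been tampered with. The malicious code modifies bash or zsh configuration files so that the shell prints Russian-language spam at startup. Arch maintainers are currently cleaning up the malicious commits and banning the accounts involved; users are advised to check the list of affected packages and follow the progress of the official fix.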

Why read this

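If you use Arch Linux for AI development, check your environment against the list in the post for tainted AUR packages (including llama.cpp-related variants), to avoid the supply-chain risk of malicious scripts being injected into your shell configuration files.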

Original post

Re: AUR REPORT THREAD

Sid Karunaratne

14 Jun 2026

6:03 p.m.

Not exactly malicious, but definitely spam.

Using the GitHub AUR repo:

In all these cases it adds to bash/zsh etc shell configs to echo spam, in Russian, on start.

    $ while read ref; do git grep --files-with-matches 'NoServices' $ref; done < <( git refs list --format '%(refname)' ) | grep -Po '(?<=refs/remotes/origin/).*' | sort | tee NoServices.txt
    algobox
    alist-desktop-bin
    arpoison
    asymptote-git
    aurbs
    blackfire-cli
    ccsm-git
    chinadns
    closure-hib
    cmaptools
    cypher-shell
    daggerfall-fixes
    dbacl
    docan-bin
    docan-unstable
    emacs-evil
    enyo-launcher
    esy
    faudio-git
    findwild
    gbdk
    gnome-pomodoro-git
    hidapi-git
    hypatia
    infer
    kicadlibrarian
    libdmx
    libparserutils-git
    llama.cpp-sycl-f16-git
    nikto-git
    nodejs-serverless
    nodejs-uglifycss
    nullfs-dkms-git
    onivim2-git
    onvifviewer
    pcb
    pcmanx-gtk2-git
    perl-xml-filter-domfilter-libxml
    pfqueue
    pgdbf
    plasma-theme-helium
    plataro-icons
    pngrim-git
    proteus-hib
    psychopy
    purple-gowhatsapp
    python-cmake-bin
    python-graphsrv
    python-imagebackup
    python-json2html
    python-llama-cpp-hip
    python-monkeytype
    python-pytest-filedata
    python-tmpl
    redocly
    rigsofrods-bin
    ruby-open_uri_redirections
    ruby-snapsync
    samsung-ssd-dc-toolkit
    scd
    softmaker-office-2012-bin
    spacebar-client-git
    spacebar-git
    swig2
    systemtap-git
    tapeutape
    thomaswasalone-hib
    ttf-dotsies
    tuwunel-git
    ultimatevocalremovergui-git
    vaping
    vim-railscasts
    zenta-git

(It was always in PKGBUILD, so I removed the ":PKGBUILD" from the output)

On Thu, 11 Jun 2026, at 13:47, Jonathan Grotelüschen wrote:

...

Hi everyone,

we’re working hard to reset/delete all malicious commits and ban the accounts.

If you find more malicious packages, please send them as a reply to this email to keep them all in one thread.

Thanks!

-- tippfehlr

Attachments: • OpenPGP_signature.asc
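
One way to check a machine against the findings in this message, as an added example that is not part of the original post or of any Arch tooling: it intersects installed foreign packages with the reported list and searches cached PKGBUILDs for the `NoServices` string the post grepped for. The function names, the helper cache path and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check a machine against the thread's findings.
# MARKER is the string the post searched for; everything else is an assumption.
MARKER='NoServices'

# Read installed package names on stdin (one per line) and print those that
# appear in the reported list file $1 (one name per line, exact match only).
flagged_installed() {
    grep -Fx -f "$1" | sort -u
}

# Print every PKGBUILD below directory $1 (e.g. an AUR helper's build cache)
# that contains MARKER.
flagged_pkgbuilds() {
    find "$1" -type f -name PKGBUILD -exec grep -lF -- "$MARKER" {} + | sort
}

# Constructed sample data so the script runs offline on any system.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' alist-desktop-bin llama.cpp-sycl-f16-git python-llama-cpp-hip \
        > "$tmp/NoServices.txt"
    mkdir -p "$tmp/cache/alist-desktop-bin" "$tmp/cache/yay"
    # Stand-in PKGBUILDs: one carries the marker, one is clean.
    printf 'pkgname=alist-desktop-bin\n# NoServices (constructed stand-in)\n' \
        > "$tmp/cache/alist-desktop-bin/PKGBUILD"
    printf 'pkgname=yay\n' > "$tmp/cache/yay/PKGBUILD"
    # "llama.cpp" must not match "llama.cpp-sycl-f16-git": matching is whole-line.
    printf '%s\n' yay alist-desktop-bin llama.cpp | flagged_installed "$tmp/NoServices.txt"
    flagged_pkgbuilds "$tmp/cache" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

# On an Arch system with the post's NoServices.txt in the current directory,
# check the real package database; otherwise run the offline demo.
if command -v pacman >/dev/null 2>&1 && [ -f NoServices.txt ]; then
    pacman -Qqm | flagged_installed NoServices.txt   # -Qqm: foreign (AUR) packages
    # Cache location depends on the AUR helper; ~/.cache/yay is an assumption.
    [ -d "$HOME/.cache/yay" ] && flagged_pkgbuilds "$HOME/.cache/yay"
else
    demo
fi
```

A hit from `flagged_installed` only says the package name is on the reported list; whether the installed build came from a tampered commit still has to be confirmed from the PKGBUILD that was actually built.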
