略读预计 1 分钟

Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR

摘要

继此前 1500 多个软件包发现恶意软件后，Arch Linux 用户仓库（AUR）现又面临俄罗斯垃圾信息侵扰。AI 检测机器人发现已有超过 70 个软件包（涉及 Python、Ruby 及 Llama.cpp 等）被植入攻击性言论，这些内容通常被添加到 bashrc、zshrc 等 Shell 配置文件中。目前维护者正利用 AI/LLM 工具主动识别并处理此类滥用行为。

荐读理由

警示你在维护 AI 开发环境时规避 Arch Linux AUR 仓库的供应链风险，特别是 Llama.cpp 等核心组件已出现恶意代码注入，需核查本地 shell 配置文件是否遭污染。

原文

Russian Spam & Profanities Are Now Plaguing The Arch Linux AUR

Written by Michael Larabel in Arch Linux on 15 June 2026 at 12:43 PM EDT. 20 Comments

After days of dealing with 1,500+ packages in the Arch Linux AUR containing malware, the latest headache in the Arch Linux User Repository is Russian spam and offensive messages.

Nicolas Boichat with his AI/LLM detection bot detected some questionable messages appearing in AUR content. Russian messages were being added post-install to the bashrc / zshrc / Fish configuration, etc containing offensive messaging. Those commits happened on the 14th, after the recent malware fiasco.

And then over the past day reporting on dozens of AUR packages having similar Russian messages containing offensive language.

The latest update on that thread indicates more than 70 AUR packages having this Russian spam / offensive messaging. Among those various Python packages, Ruby packages, Llama.cpp, and others.

At least the AI/LLM bots are proving helpful here in proactively picking up on some of the AUR abuses until the fundamental situation can be better handled.

Lobsters · 2 赞 · 0 评讨论 → 阅读原文 →

这条对你有帮助吗？