The “Atomic Arch” campaign compromised over 1,500 AUR packages between June 10-12, targeting SSH keys and API tokens. If you updated via yay or paru during that window, you need to audit your local system.

I’ve built a client-side tool to help with this.

Local Processing: Your package list never leaves your browser. All comparisons are done client-side.

Live Data: It fetches the verified malicious list directly from the official Arch servers (md.archlinux.org) to ensure it’s always current.

Zero Bloat: No trackers, no ads, no cookies.

How to use:

  1. Run pacman -Qm
  2. Paste the output into the tool
  • brokenwing@discuss.tchncs.de
    12 hours ago

    I would recommend first checking the update window for the package. It seems that these packages only contained the malware PKGBUILD for a certain time period, before the commit was reverted by the Arch/AUR devs.

    Then if you find yourself infected, try:

    1. Rotating the stored passwords on Chromium/Electron-based browsers/apps.
    2. Rotate keys (SSH, cloud, GitHub, etc.).
    3. Back up your files; this is not a virus, so the files are safe.
    4. Reinstall the system from a live USB.
    5. FINALLY Nuke your house with a Hydrogen bomb.
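The update-window check recommended in the reply can be done locally by matching `pacman -Qm` output against `/var/log/pacman.log`. This is an added example, not part of the post, the reply or the linked tool; the package names, log lines and `YEAR` are constructed, and it assumes pacman's ISO-8601 `[ALPM]` log line format.

```python
import re
from datetime import date

# pacman.log entry, e.g. "[2024-06-11T09:14:05+0200] [ALPM] upgraded foo (1.0-1 -> 1.1-1)"
LOG_RE = re.compile(r"^\[(\d{4})-(\d{2})-(\d{2})T[^\]]*\] \[ALPM\] "
                    r"(installed|upgraded|reinstalled) (\S+) \((.*)\)$")

def foreign_packages(qm_output):
    """Parse `pacman -Qm` output (one "name version" per line) into {name: version}."""
    pkgs = {}
    for line in qm_output.splitlines():
        parts = line.split()
        if len(parts) == 2:
            pkgs[parts[0]] = parts[1]
    return pkgs

def touched_in_window(log_text, foreign, start, end):
    """List (day, action, pkg, versions) for foreign packages installed or
    upgraded between start and end (inclusive, local dates as logged)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # hooks, [PACMAN] command lines, removals, older log formats
        y, mo, d, action, pkg, versions = m.groups()
        day = date(int(y), int(mo), int(d))
        if start <= day <= end and pkg in foreign:
            hits.append((day.isoformat(), action, pkg, versions))
    return hits

YEAR = 2024  # placeholder: the post gives no year, set it for your case
# Constructed sample data (package names are made up).
SAMPLE_QM = "example-aur-tool 1.4.2-1\nanother-helper-git r128.3fa9c1e-1\nold-foreign-pkg 0.9-3\n"
SAMPLE_LOG = """\
[2024-06-09T22:10:41+0200] [ALPM] upgraded old-foreign-pkg (0.9-2 -> 0.9-3)
[2024-06-11T09:14:02+0200] [PACMAN] Running 'pacman -U example-aur-tool-1.4.2-1-x86_64.pkg.tar.zst'
[2024-06-11T09:14:05+0200] [ALPM] upgraded example-aur-tool (1.4.1-1 -> 1.4.2-1)
[2024-06-11T09:15:30+0200] [ALPM] upgraded linux (6.9.3-1 -> 6.9.4-1)
[2024-06-12T18:02:11+0200] [ALPM] installed another-helper-git (r128.3fa9c1e-1)
[2024-06-13T08:00:00+0200] [ALPM] reinstalled example-aur-tool (1.4.2-1)
"""

if __name__ == "__main__":
    # On a real system: feed in the output of `pacman -Qm` and /var/log/pacman.log
    foreign = foreign_packages(SAMPLE_QM)
    for hit in touched_in_window(SAMPLE_LOG, foreign, date(YEAR, 6, 10), date(YEAR, 6, 12)):
        print(*hit)
```

A package that was installed during the window and has since been removed no longer appears in `pacman -Qm`, so it will not be flagged by this filter.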