1#!/usr/bin/env bash
2#
3# A quick-and-easy check for possibly impacted packages
4# of the 20260611 AUR exploitation
5#
6# Forked+updated from, and credit to, the original:
7# https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992
8#
9# <3 cscs <3
10
11INFECTED_PKGS=(
12 123pan-bin
13 1code
14 8192eu-dkms-git
15 actual-ai
16 adblock2privoxy
17 aion-git
18 albion-online-launcher-bin
19 alienfx
20 alvr
21 android-signapk
22 android-signapk-gui
23 android-support-repository
24 annobin
25 ansible-language-server
26 antfs-cli-git
27 anythingllm-appimage
28 anythingllm-cli-bin
29 apk-installer-gui
30 apm_planner-bin
31 apothem
32 apple-music-desktop
33 arch-update-vai
34 archjh
35 archlinux-themes-slim
36 archmage
37 archtex-git
38 arm-linux-gnueabihf-binutils
39 artanis-git
40 astro-editor-appimage
41 autohand-cli
42 autolabel
43 autologin
44 azurlaneautoscript
45 bcachefs-kernel-dkms-git
46 beebeep
47 bitcoin-core-git
48 blinkenlib
49 blueproximity-py3-git
50 booklore
51 brow6el
52 brow6el-git
53 canon-pixma-mg3000-complete-fixed
54 cartridge-cli
55 ccase-bin
56 ccl-git
57 cgminer
58 charcoal
59 cinny-desktop-system-tray
60 clai
61 clang19
62 clash-mi
63 cling-git
64 cmuclmtk
65 cnijfilter-common
66 codenomad-bin
67 codeql-cli-bin
68 cogpit-bin
69 colorhug-client
70 colorz
71 compiler-rt19
72 compizconfig-python
73 coolreader
74 cowdancer
75 cutefish-calculator
76 cutefish-core
77 cutefish-dock
78 cutefish-filemanager
79 cutefish-icons
80 cutefish-launcher
81 cutefish-qt-plugins
82 cutefish-screenlocker
83 cutefish-screenshot
84 cutefish-settings
85 cutefish-statusbar
86 cutefish-wallpapers
87 cvs-feature-bin
88 cynthiune.app
89 dagu-bin
90 datatype99
91 deheader
92 dep
93 dh-python
94 difi
95 difi-bin
96 doctoc
97 dots-hyprland-fork-git
98 dvdrip
99 dyad-bin
100 easy_spice
101 edconv-bin
102 efiboots-git
103 electrum-nmc
104 elmerfem
105 eisl
106 epson-inkjet-printer-escpr2-clos-bin
107 exodus-wallet-bin
108 exoduswallet
109 farmmod-hub
110 fastoggenc
111 fastjet
112 fatx
113 fcitx5-pinyin-sougou-dict-git
114 ffmpeg-bitrate-stats
115 ffmpeg-quality-metrics
116 findpkg-git
117 firefox-extension-adnauseam-bin-amo
118 firmium-desktop-git
119 fishui
120 fishui-git
121 flashfocus
122 flexiblas
123 flynarwhal
124 fmlib
125 forgecode-bin
126 formidable-bin
127 frame
128 ftl
129 frutool
130 futhark-bin
131 gdl
132 gdlmm
133 git-annex-standalone
134 gnome-contacts-git
135 gnome-randr-rust
136 gnutls3.8.9
137 gopher2600
138 gopher2600-bin
139 gosh
140 gpx-viewer
141 graveman
142 green-tunnel-bin
143 greetd-wlgreet-git
144 gtkimageview
145 guile-reader
146 gummy
147 gummy-git
148 hackmatrix-git
149 harmony-wad
150 headphones
151 hearthstone-linux-gui-appimage
152 hearthstone-linux-gui-bin
153 hepmc2
154 hister-git
155 hnswlib-git
156 horst
157 hydownloader-git
158 hydrus-git
159 i3bar-river
160 ianny-bin
161 ibm-sw-tpm2
162 ihaskell-git
163 imageglass
164 inadyn
165 indicator-session
166 infnoise-openssl-git
167 interface99
168 ios-webkit-debug-proxy
169 ipfs-desktop-bin
170 ipsw
171 iron-heart-git
172 jasp-desktop
173 jd-gui
174 k3sup
175 kdb
176 kddockwidgets-git
177 kexi
178 kiss
179 ktea
180 kookbook
181 kproperty
182 kreport
183 latex-digsig
184 lazylpsolverlibs-git
185 ledger-udev-bin
186 lesstif
187 lib32-egl-wayland
188 libafterimage
189 libbobcat
190 libcutefish
191 libffi-static
192 libgdata
193 libjxl-noglycin
194 libquvi
195 libquvi-scripts
196 libretro-hatari-enhanced-git
197 libxdiff
198 libxml-ruby
199 libyami
200 linux-cachyos-deckify-native
201 linux-cachyos-deckify-native-headers
202 linux-cachyos-native
203 linux-cachyos-native-headers
204 linux-cachyos-native-nvidia-open
205 linux-cachyos-rc-native
206 linux-cachyos-rc-native-headers
207 linux-cachyos-rc-native-nvidia-open
208 linux-tool
209 liri-cmake-shared-git
210 lite
211 lll
212 llvm-cbe-git
213 lowfi-bin
214 "ls++"
215 lucidvideo
216 m5rcode
217 magpie-wm
218 mako-center-git
219 manuskript
220 maszyna-git
221 mathsat-5
222 matrixbrandy
223 mcp-probe
224 mcpatcher
225 mermaid-ascii-git
226 mermark-editor
227 mesa-dlss-reflex-git
228 meteo
229 mimic-node-git
230 mingw-w64-geos
231 mingw-w64-libsndfile
232 minimax-bin-hardened
233 minitube
234 misuzu-music-bin
235 mono-addins
236 monochrome
237 monochrome-git
238 moor-git
239 mount-gtk
240 mopen
241 n1-translator
242 naemon
243 naemon-livestatus
244 natapp
245 nebuchadnezzar-git
246 neovim-autopairs-git
247 neovim-nvim-treesitter
248 nerf-pi
249 neuro-karaoke-wrapper-git
250 new-api-privacy-filter
251 new-api-privacy-filter-git
252 nextcloud-app-audioplayer
253 nextcloud-app-facerecognition
254 nextcloud-app-gpoddersync
255 nextcloud-app-integration-google
256 nextcloud-app-repod
257 nextcloud-app-twofactor-gateway
258 nextcloud-git
259 nexus-bin
260 nginx-mod-vts
261 nhentai-git
262 nocodb
263 noctyra-dotfiles-git
264 noctyra-meta-git
265 "notepad---bin"
266 nox-bin
267 nrpe
268 nwchem-bin
269 ob-xd
270 octocode
271 opencode-codebase-index-bin
272 openui5
273 opl-synth
274 optimizevideo-git
275 oracle-bin
276 pacforge
277 paper-desktop-bin
278 paq8o
279 parallel-python
280 pass-cli
281 pelican-git
282 penguin-subtitle-player
283 perl-proc-parallelloop
284 perl-set-object
285 perl-term-extendedcolor
286 phonon-qt5-vlc
287 php-geoip
288 php-legacy-memcache
289 php-memcache
290 php-openswoole-git
291 php-xdiff
292 picom-ftlabs-git
293 pidgin-kwallet
294 pipetoys
295 pipewire-visualizer-git
296 plex-media-player-custom
297 plex-media-player-mod
298 plex-media-player-v2
299 premake-git
300 prisma4postgres-bin
301 profile-sync-daemon-zen
302 pymacs
303 pypiserver
304 pypy-setuptools
305 python-apt
306 python-affine
307 python-argdispatch
308 python-awkward
309 python-axolotl-git
310 python-calmjs
311 python-celery
312 python-cerealizer
313 python-ci-info
314 python-coolname
315 python-cu2qu-git
316 python-dataproperty
317 python-dbapi-compliance
318 python-dictobject
319 python-dj-database-url
320 python-django-modelcluster
321 python-django-rest-knox
322 python-fastmcp-slim
323 python-finnhub-python
324 python-firebase-admin
325 python-fmu_manipulation_toolbox
326 python-future
327 python-g4f
328 python-hist
329 python-histoprint
330 python-hsaudiotag3k
331 python-iminuit
332 python-iso3166
333 python-isr-git
334 python-jsmin
335 python-json2xml
336 python-luckydonald-utils
337 python-milvus-lite-bin
338 python-mmcif
339 python-monotonic
340 python-mplhep
341 python-mplhep_data
342 python-netaudio-git
343 python-netaudio-lib
344 python-newspaper4k
345 python-nipype
346 python-nodejs-wheel
347 python-openai-harmony
348 python-orange
349 python-pdf2docx
350 python-piecash
351 python-pluginmgr
352 python-poetry-plugin-dotenv
353 python-privy-git
354 "python-pushbullet.py"
355 python-pychromecast-git
356 python-pylsp-rope
357 python-pymilvus
358 python-pysocks-git
359 python-rembg
360 python-scikit-hep-testdata
361 python-sklearn-pandas
362 python-sqliteschema
363 python-starlette-compress
364 python-starsessions
365 python-steamcontroller-git
366 python-tabledata
367 python-tarantool
368 python-tradingeconomics
369 python-uhi
370 python-uproot
371 python-vector
372 python-xtarfile
373 python2-appdirs
374 python2-fusepy
375 python2-lazr-uri
376 python2-mutagen
377 python2-notify
378 python2-packaging
379 python2-paver
380 python2-pyparsing
381 python2-simplejson
382 python2-simpleparse
383 python2-stomper
384 python2-twodict-git
385 python2-xlib
386 qhttpengine
387 qlementine
388 qmdnsengine
389 qnapi
390 qobuz-player-bin
391 qtum-core
392 quickswitch-i3
393 r-dbplyr
394 reactphysics3d
395 repoporge
396 retibbs-client-git
397 rhythmbox-git
398 rimworld
399 rog-helper-git
400 ros2-humble-nav2-msgs
401 rtspeccy-git
402 ruah-orch
403 ruby-excon
404 ruby-kramdown-rfc2629
405 ruby-selenium-webdriver
406 runescape-launcher
407 sakura-launcher-gui
408 sandlock
409 screenpipe-bin
410 sdcc-bin
411 seahorse-nautilus
412 shhmsg
413 shhopt
414 slipnet
415 slipnet-bin
416 smenu
417 smenu-git
418 smolrtsp
419 smolrtsp-libevent
420 snry-shell-qs
421 soapyptezuka
422 solara-kernel-headers
423 sonosano
424 soundpaad-bin
425 sshuttlee
426 sshuttlee-bin
427 stompbox-jack-git
428 stripe-cli
429 stylelint-config-recommended
430 subbrute
431 sublist3r-git
432 subprocess
433 subsync
434 svu
435 sway-xkb-switcher
436 tack
437 tarantool
438 tesseract-gui
439 thunar-nextcloud-plugin
440 thunderbird-conversations
441 tinyemu
442 tlpui-git
443 torch7-git
444 touchhle
445 touchosc-bin
446 transcreen
447 tsm
448 ttf-material-design-icons-git
449 tunacode-cli
450 typing-game-cli
451 ukui-notification-daemon
452 vapoursynth-preview-git
453 vbam-git
454 verso-git
455 vidcutter
456 vim-easymotion
457 vim-gitgutter
458 vim-indent-object
459 vim-molokai
460 vim-pythonhelper
461 vim-solidity
462 vim-vital
463 vocalinux-git
464 voquill-gpu
465 wallpaper-generator-next
466 wayland-static
467 we-layerd-git
468 whatsie-git
469 whisper2tr
470 whisper2tr-git
471 windowmaker-git
472 wine-nine
473 wire-desktop
474 word-snatchers-cli
475 workbench
476 workbuddy-bin
477 wrystr-git
478 wsjtx-beta
479 xf86-input-mtrack-git
480 xorg-xfsinfo
481 xplot
482 xpra-html5
483 xray-domain-list-community
484 yarg
485 yt6801-dkms
486 yy
487 zathura-gruvbox-git
488 zerx-lab-dida-bin
489 zerx-lab-zed-nightly-bin
490 zing-8-bin
491 zing-17-bin
492 zing-21-bin
493 zinnia-python
494 zsdx
495)
496
497echo
498echo "Checking for infected AUR packages (${#INFECTED_PKGS[@]} total)..."
499echo
500
501found=()
502while read -r pkg; do
503 if LC_ALL=C pacman -Qi $pkg | tail -5 | head -1 | grep -qE 'Jun 9|Jun 10|Jun 11|Jun 12'; then
504 found+=("$pkg")
505 fi
506done < <(pacman -Qmq "${INFECTED_PKGS[@]}" 2>/dev/null)
507
508if [[ ${#found[@]} -eq 0 ]]; then
509 echo "Clean: None of the known infected packages were installed within 48 hours of the campaign."
510else
511 echo "WARNING: ${#found[@]} possibly infected package(s) found:"
512 for pkg in "${found[@]}"; do
513 echo " - $pkg"
514 done
515fi
516echo