A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
Tons of clawing at each other’s throats in the comments here, largely declaring one another retarded for their use or misuse of AUR or thanking their lucky stars that none of their packages are on the list (so far), but not much that’s helpful for those less fortunate. Maybe nobody’s saying anything to that end because the article already covered it, but this is the second out of two times I’ve visited cybersecuritynews.com and been stuck in an “Are you a bot?” loop that never ends no matter how much of my browser’s safeguards I peel off.
Here are the steps I’ve taken so far, based on following the links I found in this thread (especially the GitHub comments under one of the links):
1. `pacman -Qm` in console yielded a list of all the AUR packages that are installed on the system.
2. CTRL+F the results one-by-one in the apparent most up-to-date list: https://md.archlinux.org/s/SxbqukK6IA
I have one on that list, specifically `wine-nine`, so I ran

```
bat --style header,snip,changes /var/log/pacman.log | grep wine-nine
```

which yielded the following (at the bottom of a very long list of apparent updates I’ve run since installing the OS):

```
[2026-06-05T20:37:06-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-07T21:50:58-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-08T20:56:54-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-09T21:38:44-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-10T21:58:52-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-12T20:18:37-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-12T20:18:37-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
```

(Like a good little Arch user I’ve been updating pretty frequently.)
I saw something that said “check for suspicious processes running as root” but I have no idea what that would look like.
I saw something that said I need to redo all of my passwords and tokens. Any way to check if that’s necessary or should I just assume I’ve been pwn3d?
In using `pacseek` I think I’ve discovered `wine-nine` hasn’t been modified in the AUR since “2024-12-07 - 15:18:31 (UTC)”, so can I relax a bit?

I’m currently going through my list of AUR packages and deciding whether or not I need them as badly as I originally thought. Sadly my distro is one of those that decided to lean on AUR, because most of my list (apart from two) I don’t recognize as something I’ve installed myself.

`pacseek` would not let me remove the following AUR packages (which thankfully are not in the list (yet)):

- `:: removing electron41-bin breaks dependency 'electron41' required by deltachat-desktop` - an encrypted chat application I installed (not via AUR); I suppose I could find an alternative for it
- `:: removing electron41-bin breaks dependency 'electron41' required by freetube` - a YouTube frontend I installed (not via AUR); I suppose I could find an alternative for it
- `:: removing libsoup breaks dependency 'libsoup' required by webkit2gtk` - no idea what `webkit2gtk` is

I only just now realized that chaotic-aur is probably just as problematic as AUR, both in my decision to use packages at all as well as my searching the list of compromised packages, yes? I have tons more packages under that, most of which I think came with the OS.
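The two manual checks in this post (cross-referencing installed foreign packages against the compromised list, then digging one package's history out of pacman.log) can be scripted so they run over every package at once instead of one CTRL+F at a time. The script below is an added example, not code from the original post or from any Arch project; every sample value in it (the foreign-package list, the compromised list, the log lines) is constructed so it runs offline, and the regex assumes package names contain no regex metacharacters.

```shell
#!/bin/sh
# Added example, not from the original post: script the checks the post does by
# hand. All sample data below is constructed so the script runs offline; on a
# real system feed it `pacman -Qmq` output and /var/log/pacman.log instead.

# Constructed sample of `pacman -Qmq` output: foreign (AUR / chaotic-aur)
# package names, one per line.
SAMPLE_FOREIGN='wine-nine
electron41-bin
libsoup
yay'

# Constructed sample compromised-package list, one name per line. Only the
# wine-nine entry mirrors the post; the other name is illustrative.
SAMPLE_COMPROMISED='example-compromised-pkg
wine-nine'

# Constructed sample pacman.log lines in the format the post quotes.
SAMPLE_LOG='[2026-06-05T20:37:06-0400] [ALPM] installed wine-nine (0.10-1)
[2026-06-05T20:37:06-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-07T21:50:58-0400] [ALPM] upgraded yay (12.0.0-1 -> 12.0.1-1)
[2026-06-07T21:50:58-0400] [ALPM-SCRIPTLET] wine-nine 0.10-1
[2026-06-08T20:56:54-0400] [ALPM] installed electron41-bin (41.0.0-1)'

# find_compromised FOREIGN_LIST COMPROMISED_LIST
# Prints the names present in both lists. Whole-line, fixed-string matching,
# so a partial name such as "wine" never matches "wine-nine".
find_compromised() {
    bad=$(mktemp) || return 1
    printf '%s\n' "$2" > "$bad"
    printf '%s\n' "$1" | grep -Fx -f "$bad" | sort -u
    rm -f "$bad"
}

# pkg_history PKG LOG_TEXT
# Prints every ALPM install/upgrade/reinstall/remove line and every
# ALPM-SCRIPTLET line recorded for PKG. PKG goes into a regex, so it must not
# contain regex metacharacters (assumption; the names in the post do not).
pkg_history() {
    printf '%s\n' "$2" \
        | grep -E "\[ALPM(-SCRIPTLET)?\] ((installed|upgraded|reinstalled|removed) )?$1[ (]"
}

# first_scriptlet_run PKG LOG_TEXT
# Prints the timestamp of the first time PKG's install scriptlet ran on this
# host: the earliest point a malicious build/install script could have executed.
first_scriptlet_run() {
    pkg_history "$1" "$2" | grep -F '[ALPM-SCRIPTLET]' | head -n 1 \
        | sed -E 's/^\[([^]]+)\].*/\1/'
}

# Stand-alone run over the constructed samples.
for p in $(find_compromised "$SAMPLE_FOREIGN" "$SAMPLE_COMPROMISED"); do
    echo "== $p is installed and on the compromised list; history:"
    pkg_history "$p" "$SAMPLE_LOG"
    echo "first scriptlet run: $(first_scriptlet_run "$p" "$SAMPLE_LOG")"
done
```

On a live box, replace the samples with `find_compromised "$(pacman -Qmq)" "$(cat compromised.txt)"` and `pkg_history "$p" "$(cat /var/log/pacman.log)"`; the first scriptlet timestamp is the lower bound for "when could anything on this host have run", which is what decides whether the credential rotation the post mentions is needed. For the "suspicious processes running as root" question, the comparable starting point is `ps -eo user,pid,ppid,cmd` filtered to `root` rows, then `pacman -Qo /path/to/binary` on any command path you do not recognize: a binary owned by no package, or by a package on the compromised list, is the thing to look at.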