Users can check if they’re already compromised with pacman -Q | grep alvr I think maybe? EDIT: No, sorry, alvr was just one of countless affected packages. Also, several is an understatement since a huge number of packages are affected.
Oh my, I’m new to Linux and I use CachyOS for my gaming rig at home. Most of the time I have no idea what I’m doing, but shit runs well and I’m happy about it. But how the hell do I check my noob ass if it’s compromised?!
I’m not real clear on if this is the case but you could try:
Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
Maybe pacman -Q | grep atomic-lockfile because that appears to be what the threat actor is installing but I’m not really sure if that’s how it works…?
EDIT: If you really want to play it safe then you could try yay -R $(pacman -Qmq) to remove every aur package and wait out the storm, just be careful to backup important files.
alvr as in the vr streaming program for standalone headsets? that’s kind of a niche among niches. Linux VR users with standalone vr headsets that use that specific method.
I panicked a bit when I saw the news earlier today as one of those niche guys. Then remembered I had removed it for WiVRn a few weeks ago and don’t have anything else off the AUR. Double niche win lol
EDIT: No, sorry, alvr was just one package, there is no specific source for the infection just one or many malicious users: https://gr.ht/aur_pkg_list.txt
I actually had the alvr bin aur installed on my old destop machine. Its just the only proper way for me on Quest to properly play any PCVR games. But i haven’t used nor updated that one in a while. My new arch machine luckily doesn’t have this installed but now im freaking out
Users can check if they’re already compromised withEDIT: No, sorry, alvr was just one of countless affected packages. Also, several is an understatement since a huge number of packages are affected.pacman -Q | grep alvrI think maybe?Post with more information here: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/
Oh my, I’m new to Linux and I use CachyOS for my gaming rig at home. Most of the time I have no idea what I’m doing, but shit runs well and I’m happy about it. But how the hell do I check my noob ass if it’s compromised?!
I’m not real clear on if this is the case but you could try:
Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
Maybe
pacman -Q | grep atomic-lockfilebecause that appears to be what the threat actor is installing but I’m not really sure if that’s how it works…?EDIT: If you really want to play it safe then you could try
yay -R $(pacman -Qmq)to remove every aur package and wait out the storm, just be careful to backup important files.alvr as in the vr streaming program for standalone headsets? that’s kind of a niche among niches. Linux VR users with standalone vr headsets that use that specific method.
Sweats in “linux vr is one of my current hobby projects”
it’s going to be year of the linux vr soon anyway
I am so hyped for this actually
I panicked a bit when I saw the news earlier today as one of those niche guys. Then remembered I had removed it for WiVRn a few weeks ago and don’t have anything else off the AUR. Double niche win lol
EDIT: No, sorry, alvr was just one package, there is no specific source for the infection just one or many malicious users: https://gr.ht/aur_pkg_list.txt
I actually had the alvr bin aur installed on my old destop machine. Its just the only proper way for me on Quest to properly play any PCVR games. But i haven’t used nor updated that one in a while. My new arch machine luckily doesn’t have this installed but now im freaking out