AUR malware hit 1500+ packages, Steam and WordPress also targeted

Starting June 11, 2026, the Arch User Repository suffered a malware attack that compromised over 1,500 packages via abandoned package takeover. The malicious build scripts installed infostealer malware targeting browser credentials, SSH keys, and crypto wallets. Steam users were also targeted through a Wallpaper Engine malware campaign.