Over the past few weeks, there have been several reports of malware discovered in Arch User Repository (AUR) packages.
Read more:
https://linuxconfig.org/aur-malware-packages-exploit-critical-security-flaws-exposed
The AUR is a valuable tool in the Arch Linux ecosystem, offering thousands of user-maintained packages that aren’t included in the official repositories. I’ve used it many times over the years — usually to get the latest versions of applications, or to try out fonts, icon sets, and themes.
However, it’s important to remember that Arch Linux does not support or vet AUR packages.
Official documentation:
https://wiki.archlinux.org/title/Arch_User_Repository
“AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.”
If you’re using the AUR, here are a few tips to stay safe:
Read the PKGBUILD before installing anything.
Check the package age — newly uploaded ones may pose a greater risk.
Look at the number of votes and comments as a rough measure of trust.
Use antivirus or scanning tools if you’re unsure.
Consider basic firewall rules.
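The age and vote checks from the list above can be scripted against the metadata the AUR's RPC interface returns. The following is an added example, not part of GreenBANG or its scripts; the sample response is constructed, the package names are made up, and the two thresholds are assumptions to adjust to taste.

```python
import json
import time

# Constructed sample in the shape of an AUR RPC v5 "info" reply, e.g. from
# https://aur.archlinux.org/rpc/?v=5&type=info&arg[]=<name>
# Package and maintainer names are made up for illustration.
SAMPLE_RESPONSE = json.dumps({
    "version": 5, "type": "multiinfo", "resultcount": 2,
    "results": [
        {"Name": "example-font-pack", "NumVotes": 212, "Maintainer": "alice",
         "FirstSubmitted": 1420070400, "LastModified": 1748736000},
        {"Name": "example-browser-patched-bin", "NumVotes": 0, "Maintainer": "newuser123",
         "FirstSubmitted": 1752624000, "LastModified": 1752624000},
    ],
})

MIN_AGE_DAYS = 30  # assumption: younger than this counts as "newly uploaded"
MIN_VOTES = 5      # assumption: fewer votes than this means little community review


def triage(pkg, now):
    """Return the reasons this package deserves a slower, line-by-line PKGBUILD read."""
    reasons = []
    age_days = (now - pkg["FirstSubmitted"]) // 86400  # timestamps are Unix seconds
    if age_days < MIN_AGE_DAYS:
        reasons.append(f"first submitted {age_days} days ago")
    if pkg["NumVotes"] < MIN_VOTES:
        reasons.append(f"only {pkg['NumVotes']} votes")
    return reasons


def triage_response(raw, now):
    """Parse an RPC reply and map each package name to its list of warnings."""
    data = json.loads(raw)
    if data.get("type") == "error":
        raise ValueError(data.get("error", "AUR RPC returned an error"))
    return {pkg["Name"]: triage(pkg, now) for pkg in data["results"]}


if __name__ == "__main__":
    for name, reasons in triage_response(SAMPLE_RESPONSE, int(time.time())).items():
        print(f"{name}: {'; '.join(reasons) if reasons else 'no age/vote warnings'}")
```

An empty warning list only means the package is old and voted on; it does not replace reading the PKGBUILD.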
Some users have asked whether GreenBANG contains anything hidden, and in the past, I’ve even been accused of embedding scripts in the ISO image.
To be clear: GreenBANG does not contain hidden features.
All included scripts are located in:
/home/gblive/GB_Scripts/
They are clearly visible, written in plain shell, and easy to read. Nothing is obfuscated. The aim is transparency — users should always be able to see what’s going on under the hood.
If you ever have questions or concerns, you’re welcome to email me directly and I’ll do my best to answer.
A new ISO is currently being uploaded. It includes a small fix in Openbox that allows reconfiguration via keybind. Thanks to Jes for spotting that and letting me know.
Stay safe 😉