The Cemu Wii U emulator team confirmed that Linux versions of the 2.6 release hosted on GitHub were compromised with malware between May 6 and May 12, 2026.
Key Points
- Compromised files include the Linux AppImage and Ubuntu ZIP assets hosted on the official Cemu GitHub repository.
- The breach occurred after a contributor’s GitHub token was stolen via a malicious Python package, allowing attackers to replace legitimate binaries.
- The malware is designed to harvest credentials and includes a destructive payload that wipes filesystems if it detects that the user is located in Israel.
- Cemu Flatpak versions and installers for other operating systems remain unaffected by this specific supply chain attack.
- Users who executed the compromised files are advised to reinstall their operating systems and reset all critical passwords, SSH keys, and service tokens.