Over 400 packages in Arch Linux's Arch User Repository (AUR) were compromised this week when attackers hijacked them and modified build scripts to deploy credential-stealing malware. The malicious payload is a Rust-based binary designed to harvest developer credentials and secrets, with the capability to deploy an eBPF rootkit when executed with root privileges to evade detection.
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
