Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Over 400 packages in Arch Linux's Arch User Repository (AUR) were compromised this week through hijacked build scripts that deployed credential-stealing malware. The Rust-based infostealer targets developer secrets and can deploy an eBPF rootkit when executed with root privileges to evade detection.

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

Originally published at thehackernews.com

#Credential Theft #Cybersecurity #Linux Security #Malware #Supply-Chain-Attack #Vulnerabilities

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Talk to an architect about applying this to your stack.

More from the journal

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer