URL has been copied successfully!
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit


Tags: , , ,

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux’s community package collection, and it is separate

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. 6 ways hackers hide their tracks
  2. 400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
  3. Preventing Breaches MFA on Remote Access to Linux, Unix, and Infrastructure Systems
  4. What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure