Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.

The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux’s community package collection, and it is separate

  • droppedtacos@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    22 days ago

    Also, if you’re running an arch based system and you’re worried, in the terminal you can run:

    pacman -Qm

    to display what’re considered foreign packages that your system has installed and cross reference them, if any, with the list found here:

    aur_check