Attackers took over more than 400 packages in the Arch User Repository (AUR) this week. They rewrote the packages' build scripts to install a credential stealer on any machine that built them. This malicious activity poses a significant security threat to users.
The malware is a Rust binary specifically designed to harvest developer secrets. If it gains root access, it can also load an eBPF rootkit. The rootkit allows the malware to hide its presence effectively. The AUR is Arch Linux's community package collection, separate from the official repositories.
