Pulse of Truth

2429 readers

19 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit (thehackernews.com)

submitted 2 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

3 comments fedilink hide all child comments

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.

The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

you are viewing a single comment's thread
view the rest of the comments

[–] droppedtacos@lemmy.world 9 points 2 days ago* (last edited 2 days ago)

Also, if you're running an arch based system and you're worried, in the terminal you can run:

pacman -Qm

to display what're considered foreign packages that your system has installed and cross reference them, if any, with the list found here:

aur_check