Pulse of Truth

2429 readers

19 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit (thehackernews.com)

submitted 2 days ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

3 comments fedilink hide all child comments

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.

The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

you are viewing a single comment's thread
view the rest of the comments

[–] Sammirr@aussie.zone 7 points 2 days ago

It means that if you've installed (built) anything from the AUR in the last ~48 hours, and you were unlucky enough to choose an impacted package, then consider you machine compromised. The article does a better job of explaining.