cybersecurity

6226 readers

11 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 3 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy (thecybersecguru.com)

submitted 3 days ago by WPSteam@lemmy.world to c/cybersecurity@infosec.pub

1 comments fedilink hide all child comments

Atomic Arch is a major AUR supply-chain attack (over 1.5K packages affected as of now) where attackers hijacked orphaned Arch packages and used malicious install hooks to pull npm payloads that executed a Linux ELF infostealer. It targeted developer secrets like SSH keys, GitHub/npm tokens, browser sessions, Docker/Vault credentials, and chat app data, while also using an eBPF rootkit to hide itself when run as root.

top 1 comments

sorted by: hot top controversial new old

[–] UnLocoPoco@lemmy.world 4 points 2 days ago

Update: seems like there's a 2nd wave of attack..a bit more sophisticated than the initial wave..has begun. Code is more obfuscated