Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit - The Hacker News

Attackers hijacked 400+ Arch Linux AUR packages to run a Rust credential stealer, with optional eBPF rootkit support on root systems.

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.
The malware is …