AUR Packages Compromised with Infostealer and Rootkit
6 hours ago
- #supply-chain-attack
- #arch-linux-security
- #aur-compromise
- A new AUR package maintainer adopted and infected over 408 packages with malware.
- Compromised packages included a preinstall script using npm to install a malicious package called atomic-lockfile.
- Arch users should check for exposure with a provided script, review IoCs, and follow compromise procedures including credential rotation.