Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy - AOS for Lemmy.World - A generic Lemmy server for everyone to use.

201

Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy

4d 11h ago by lemmy.world/u/WPSteam in cybersecurity@infosec.pub from thecybersecguru.com

Atomic Arch is a major AUR supply-chain attack (over 1.5K packages affected as of now) where attackers hijacked orphaned Arch packages and used malicious install hooks to pull npm payloads that executed a Linux ELF infostealer. It targeted developer secrets like SSH keys, GitHub/npm tokens, browser sessions, Docker/Vault credentials, and chat app data, while also using an eBPF rootkit to hide itself when run as root.

Update: seems like there's a 2nd wave of attack..a bit more sophisticated than the initial wave..has begun. Code is more obfuscated