Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Over 400 Arch Linux Packages Compromised to Push Rootkit, Infostealer

Summary by BleepingComputer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]

13 Articles

BleepingComputerBleepingComputer
Reposted by
cybernoz.comcybernoz.com
Center

Over 400 Arch Linux packages compromised to push rootkit, infostealer

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]

·New York, United States
Read Full Article
Latest Hacking NewsLatest Hacking News

Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer

An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential stealer and an eBPF rootkit that hides from standard inspection tools. Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

Read Full Article
unsafe.shunsafe.sh

Ongoing AUR Software Package Poisoning Incident

As of June 13, 2026, a large number of malicious software packages have been taken over and updated in the Arch User Software Repository (AUR). We are actively tracking existing malicious commits and working to prevent new malicious commits from being pushed.

Read Full Article
techpowerup.comtechpowerup.com

Arch User Repository Removes Over 400 Software Packages Compromised by Malware

The Arch User Repository (AUR for short) is a community-driven software repository for Arch Linux and its derivatives, often touted as one of the major benefits of using Arch Linux, due to its unmatched software availability. Unfortunately, it was recently discovered that several malicious accounts—it's unclear whether they belonged to a single bad actor or multiple users—had made submissions to some AUR packages to inject malware that added the…

Read Full Article
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news

400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux’s community package collection, and it is separate This article has been indexed from The Hacker News R…

Read Full Article
The Hacker NewsThe Hacker News

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Linuxiac broke the news on Thursday, June 11, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

Linux icon

Linux

Technology icon

Technology

Supply Chain icon

Supply Chain

Cybersecurity icon

Cybersecurity

Business & Markets icon

Business & Markets

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal