Over 400 AUR Packages Compromised with Infostealer and Rootkit by Malicious Maintainer
By keyle, FeedBagel synthesis
A second, more sophisticated wave of malware has hit the Arch Linux AUR, one day after developers believed they had contained an initial incident affecting over 1,500 packages, Hacker News reported. The new attack employs code obfuscation and has compromised packages including Node.js packages, a Plasma 6 applet, and Firefox packages, according to Hacker News. The initial incident began when a malicious maintainer named "arojas" compromised over 400 orphaned packages with infostealer malware and a rootkit, Hacker News noted. Arch Linux maintainers are responding by deleting malicious content and banning accounts, and the Arch Linux team believes the situation is now under control, bsky reported.
Summary
A new AUR (Arch User Repository) package maintainer named "arojas" has compromised over 400 packages by adopting and infecting them with infostealer malware and a rootkit. The incident was reported, and other AUR maintainers are actively working to address the widespread compromise. This represents a significant supply chain attack targeting the Arch Linux community.
Key quotes
It appears a new AUR package maintainer (arojas) adopted and infected 408+ packages.
The compromise was reported and other AUR maintainers have been working to…
