Attackers hijacked 400+ Arch Linux AUR packages to run a Rust credential stealer, with optional eBPF rootkit support on root systems.

AUR was considered a looming security threat.

At least 1,500 malicious packages were published to the Arch User Repository (AUR) as part of the Atomic Arch supply chain ...

Malicious apps got into the Arch User Repository - how to protect yourself ...

Attackers hijacked over 1,500 packages in Arch Linux's AUR to plant a credential stealer. The official repos are safe, but the trust model took the hit.

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. A report from the open-source intelligence ...

The Arch Linux team has warned users for years about verifying each AUR package before installing it. The Arch Linux team is the second Linux distro that has found malware on its user-submitted ...

Keep Arch Linux clean and stable with these six essential maintenance tasks, from package updates to orphan removal and ...

Arch Linux continues to struggle with a large-scale malware wave in its user repository AUR (Arch User Repository). This is currently literally flooded with malware. The attack continues and becomes ...

Before attempting to install a .deb package on Arch Linux, it is crucial to first check if the software is available in the official Arch repositories or the Arch User Repository (AUR). This step ...