Back to zf15750701's feed

400+ AUR Packages Compromised with Infostealer and Rootkit (opens in new tab)  🔌AF_XDP

discourse.ifin.network··Hacker News·Cited by 2 articles·Open original (opens in new tab)

Last Updated: 2026-06-12T04:22:42Z (UTC) What’s Happening It appears a new AUR package maintainer (arojas) adopted and infected 408+ packages. The compromise was reported and other AUR maintainers have been working to remove the infected packages. The affected packages were modified with preinstall scripts to use npm to install the atomic-lockfile package, a malicious payload. Here’s an example of the change: This blog has a deep dive into the attack. Actions If you don’t use Arch (b...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Cited by 2 articles

Over 400 Arch Linux packages compromised to push rootkit, infostealer

bleepingcomputer.com·

Show HN: A Terrible Way to Consume Hacker News – AI Slop

deadinternet.tech··Hacker News

Keyboard Shortcuts

Navigation

Next / previous item
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Browse
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help