Black & White Path

Jun 15, 2026 · Information Security

Over 400 Arch Linux AUR Packages Hijacked: Rust Infostealer and eBPF Rootkit Supply‑Chain Attack Analysis

In June 2026 attackers compromised more than 400 Arch Linux AUR packages by hijacking orphaned packages, inserting a Rust‑based credential‑stealing trojan and an optional eBPF rootkit, exfiltrating browser cookies, SSH keys, GitHub tokens and other secrets, and the article details the attack chain, payload capabilities, persistence mechanisms, and provides blue‑team detection and remediation guidance.