AUR Packages Compromised with Infostealer and Rootkit
Summary
An AUR package maintainer compromised 408+ packages, injecting a malicious preinstall script that uses npm to install a malicious atomic-lockfile payload. The attack leads to an infostealer and an eBPF rootkit, representing a significant supply-chain-style compromise. The article provides indicators, affected package guidance, and links to in-depth analyses.
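A defensive check for the pattern described above, as an added example that is not from the article or the analyses it links to: it scans local AUR checkouts for npm invocations in install scriptlets and for the atomic-lockfile name. It assumes the "preinstall script" is a pacman scriptlet hook in a `*.install` file; `scan_text`, `scan_tree` and the sample scriptlet are constructed for illustration.

```python
import re
from pathlib import Path

NAMED_PAYLOAD = "atomic-lockfile"  # npm package name given in the summary above
# Commands that fetch and run code from the npm registry.
NPM_CALL = re.compile(r"\b(?:npm|pnpm|yarn|bun)\s+(?:install|i|add)\b|\bnpx\s+\S")
# Assumption: the "preinstall script" is a pacman scriptlet hook in a *.install file.
HOOK = re.compile(r"^\s*((?:pre|post)_(?:install|upgrade|remove))\s*\(\)")

# Constructed sample, not copied from any real package.
SAMPLE_INSTALL = """pre_install() {
    npm install atomic-lockfile
}
post_install() {
    echo "done"
}
"""


def scan_text(name, text):
    """Return (severity, file, line_no, line) findings for one build file."""
    findings, hook = [], None
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop shell comments before matching
        m = HOOK.match(code)
        if m:
            hook = m.group(1)
        elif code.startswith("}"):
            hook = None
        if NAMED_PAYLOAD in line:
            findings.append(("high", name, no, line.strip()))
        elif NPM_CALL.search(code):
            # npm inside a root-run scriptlet hook is unusual; in a PKGBUILD it
            # can be a legitimate build step, so that case is only "review".
            sev = "high" if name.endswith(".install") and hook else "review"
            findings.append((sev, name, no, line.strip()))
    return findings


def scan_tree(root):
    """Scan every PKGBUILD and *.install file under a directory of AUR checkouts."""
    out = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and (p.name == "PKGBUILD" or p.suffix == ".install"):
            out += scan_text(str(p), p.read_text(errors="replace"))
    return out
```

Point `scan_tree` at the directory where your AUR helper keeps its build checkouts; "review" findings need a human look, since Node-based packages legitimately call npm during `package()`.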