What Happened
An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential stealer and an eBPF rootkit that hides from standard inspection tools.
Who Is Affected
Users of Arch Linux who installed packages from the Arch Linux User Repository (AUR) may be affected.
Severity & Impact
The severity of the attack is high due to the large number of compromised packages and the nature of the malware, which includes a credential stealer and a rootkit.
Mitigation
No specific mitigation steps are provided in the source data.