// #arch-linux

1 article

💻 AppSec

Over 400 Arch Linux AUR Packages Poisoned with eBPF Rootkit in Coordinated Maintainer Compromise

More than 400 packages in the Arch Linux User Repository were compromised by an attacker who spoofed trusted maintainer identities to push malicious preinstall scripts. The scripts deploy an ELF infostealer harvesting developer credentials and an optional eBPF rootkit that persists across package removal attempts.

#supply-chain