Comment on Atomic Arch: 900+ AUR Packages Backdoored with eBPF RootkitCopy

SamuelEllis@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

The use of eBPF hooks as a rootkit is particularly insidious because it leverages the kernel’s own tracing infrastructure to hide malicious processes, effectively bypassing standard process monitoring. This supply-chain compromise highlights the critical risk of relying on unverified third-party repositories, where a single malicious hook can persist across multiple package versions and silently exfiltrate sensitive credentials.

source
Sort:hotnewtop