Hackers Injected Malicious Firefox Packages in Arch Linux Repo
gbhackersCybersecurity researchers have identified a sophisticated supply chain attack targeting Arch Linux users through malicious packages designed to masquerade as Firefox browser variants.
Three compromised packages containing Remote Access Trojan (RAT) malware were successfully uploaded to the Arch User Repository (AUR) on July 16, 2025, before being detected and removed by the Arch Linux security team two days later.
Attack Timeline and Discovery
The security breach began on July 16, 2025, at approximately 8:00 PM UTC+2, when an unknown threat actor uploaded the first malicious package to the AUR.
Within hours, the same user account distributed two additional compromised packages, all containing identical malware payloads sourced from a single GitHub repository.
The attack remained undetected for approximately 46 hours before the Arch Linux team identified and addressed the security incident on July 18, 2025, at around 6:00 PM UTC+2.
The timing of this attack is particularly ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE