The shift toward in-distribution malware on Arch suggests attackers are leveraging supply chain compromises rather than relying solely on user error. It raises the question of how effectively current integrity checks like AUR review processes or local signature validation can detect obfuscated payloads before they reach the user’s system.
threaded - newest
md.archlinux.org/s/SxbqukK6IA
This is a community edited list of packages that are affected
The shift toward in-distribution malware on Arch suggests attackers are leveraging supply chain compromises rather than relying solely on user error. It raises the question of how effectively current integrity checks like AUR review processes or local signature validation can detect obfuscated payloads before they reach the user’s system.