Arch Linux mistakenly hosted three malicious packages that delivered the CHAOS RAT to Linux devices; they were swiftly removed after community detection. This incident highlights the risks associated with unreviewed packages in repositories like the AUR. #CHAOSRAT #ArchLinux
Key points
- Three malicious AUR packages were uploaded by the same user, containing a remote access trojan (RAT).
- The packages pointed to a GitHub repository with malicious code executed during installation.
- The malware installed is known as CHAOS RAT, capable of uploading files, executing commands, and opening reverse shells.
- The packages were removed within two days after community oversight, but archived copies are still available.
- Users are advised to scan for suspicious processes like "systemd-initd" and remove the malicious packages immediately.
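The following script is an added example, not part of the original summary or of any Arch Linux tooling. It implements the check the last point advises from the defender's side: an exact-match scan of process names for the indicator "systemd-initd" (exact match, so the legitimate `systemd` family is not flagged by a substring search), followed by a listing of foreign packages so the operator can review what was installed from outside the official repositories. It assumes a POSIX shell, `ps(1)`, and, for the package listing, an Arch system with `pacman`; the process-name input is read from stdin so the scan can be exercised on a constructed list.

```shell
#!/bin/sh
# Added example (not from the original report). Defender-side check for the
# indicator named in the summary: a process called "systemd-initd".
# Assumptions: POSIX sh, ps(1); pacman(8) only for the package listing.

INDICATOR="systemd-initd"

# Reads process command names on stdin, one per line (as printed by
# `ps -eo comm=`), and prints any that exactly match the indicator.
# Exact comparison is deliberate: a substring match on "systemd" would
# flag every legitimate systemd-* daemon. Returns 0 if found, 1 otherwise.
scan_process_names() {
  found=1
  while IFS= read -r name; do
    if [ "$name" = "$INDICATOR" ]; then
      echo "suspicious process: $name"
      found=0
    fi
  done
  return $found
}

# Lists foreign packages (installed but not in any configured repo, which on
# Arch usually means AUR builds) so the operator can review them. Assumes pacman.
list_foreign_packages() {
  pacman -Qm 2>/dev/null
}

# Live run only when explicitly requested, e.g. `RUN_LIVE=1 sh aur_check.sh`,
# so the functions can be sourced or tested without touching the host.
if [ "${RUN_LIVE:-0}" = "1" ]; then
  if ps -eo comm= | scan_process_names; then
    echo "Indicator present: review the foreign packages below and remove the"
    echo "offending one with: pacman -Rns <package>"
  else
    echo "No process named $INDICATOR found."
  fi
  echo "Foreign (non-repo) packages:"
  list_foreign_packages
fi
```

Run it with `RUN_LIVE=1 sh aur_check.sh` on the host being checked; a hit on the process name is a prompt to inspect the foreign-package list and the package's PKGBUILD, not proof on its own, since the name can be chosen freely by either side.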